Bolster, an AI startup focused on combating phishing, has raised $14 million to enhance its services.
A dubious email with a link that appears “legit” but is actually malicious continues to be one of the riskiest, yet most effective, strategies in a cybercriminal’s toolkit. Recently, Bolster, an AI startup that developed a unique method to combat that trick, raised $14 million in funding to expand its work. Its main paying clients are brands and other businesses, and it also operates the well-known free phish-checking portal CheckPhish.
Microsoft’s venture fund M12, a new investor in the business, led the round along with Thomvest Ventures, Crosslink Capital, Liberty Global Ventures, Cheyenne Ventures, Cervin Ventures, and Transform Capital. Bolster has not revealed its valuation, but it has raised almost $40 million to date.
Bolster’s business strategy revolves around offering brand and URL checking services to companies that send out a lot of emails to their clients. As a result, these businesses are easy targets for malicious hackers who either copy their branding to sell their own products or impersonate them in an attempt to trick customers.
The Cybersecurity and Infrastructure Security Agency counts notable companies like Dropbox, Uber, LinkedIn, and Coinbase among its clients. The agency claims that over 90% of all “cyberattacks,” which could involve device viruses, network intrusions, or data breaches, begin with phishing.
It is now incredibly cheap and simple to build up suspiciously similar-looking domain pages for these companies and use them for nefarious phishing activities.
“You can buy tools for $10 or $20 to start phishing attacks,” Bolster CTO Shashi Prakash, who co-founded the business with CEO Abhishek Dubey, stated in a conversation. Because malevolent hackers are more proficient in AI usage, they can now craft plausible bank login screens and launch attacks “within minutes” using phishing-as-a-service.
He claimed that over time, these had grown more advanced and focused. One such instance occurred recently when Mark Read, the CEO of WPP, became the target of a money-laundering scheme. When you read that out, it seems unlikely, and it was a failure, but it only illustrates the direction that these scams are taking.
In order to continuously identify scam operations, Bolster’s approach uses machine learning algorithms and artificial intelligence (AI) techniques to track the internet, including URLs, domain registration databases, conversations in open and closed forums and social media platforms, as well as emails (when working with a client). After identifying dubious links, it uses automated takedowns to shut down their source.
The strategy is noteworthy because businesses use it in tandem with the plethora of email security technologies currently on the market, which filter emails as they enter a user’s inbox. That filtering is still a crucial defense against phishing attempts. The idea here is that even if malicious links manage to get past the gates unhindered and someone does click on one, they might not get anywhere.
Since hackers can be difficult to locate and the wider funnel of email can be difficult to control, locating and stopping the source of their activities becomes extremely valuable.
Todd Graham, managing partner at M12, says that “one of the advantages that Bolster has is its ability to automatically shut down where these attacks are originating from; they can shut down where those are hosted.” “Considering the size at which these criminal enterprises operate, that is extremely important.” Prakash states that although Microsoft does not currently collaborate directly with Bolster, this investment serves as a sign of potential future collaboration.
Microsoft would be interested in this on two fronts. The corporation, a well-known global brand in its own right, offers a variety of services that result in consumers receiving emails (I can personally attest to receiving an excessive number of emails requesting an account login from dubious “Microsoft” URLs).
Additionally, it serves as a cloud, managed, and software service provider for other companies, making it a crucial conduit to a vast pool of potential clients. Finally, it’s taking a significant step to integrate more AI into every facet of its operations, which means that threat protection will unavoidably need to be considered.
Graham noted that, despite the CheckPhish tool’s design to scan websites rather than provide tools to individual users, the company primarily operates as a B2B enterprise. However, due to its default focus on working with large brands, the CheckPhish tool adopts a consumer perspective, with its ultimate goal being to protect the clients of relevant businesses.
“It is in the best interest of Microsoft, Wells Fargo, or whoever, to make sure that the email, if it does go out, gets noticed if you are receiving an impersonated email that claims to be from Microsoft, but it probably isn’t.”