San Francisco — Phishing emails are a major problem and one that numerous attempts to rectify have so far failed to succeed. In an effort to find a solution to their common problem, major Web-based e-mail providers are teaming up with an anti-fraud startup called Agari to implement the Agari Email Trust Fabric, a email authentication layer that helps keep phishing messages out of peoples’ inboxes.
AOL, Google, Microsoft, Yahoo! and other firms have all teamed up on the project so that they can seamlessly provide metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks.
Agari’s system cannot literally stop phishing entirely because it is a social engineering attack: Phishing works by duping the recipient of a phishing message into clicking on a malicious link that appears to be legitimate. But the company claims it can eliminate a particularly effective attack vector: The misuse of trusted email domains.
According to Agari CEO Patrick Peterson, Agari accumulates data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure. This data will be analyzed by Agari to see how phishing attacks can be identified and prevented. The company has actually been in operation since 2009 and helps protect more than 1 billion email accounts from these types of attack.
Agari stated that some of the world’s biggest email service providers had joined its Agari Email Trust Fabric platform, which averts malicious email senders from spoofing legitimate email domains within its set of protected mailboxes. It does this through a cloud service built using SPF and DKIM, two established domain authentication technologies.
Citing an RSA study, Peterson, said in a phone interview that phishing costs companies $1 billion annually.
The company described that companies just passes on malicious URLs in the messages to the relevant companies who’s name is being used in the phishing message, which it analyses over a cloud based system to determine a pattern for scam and phishing emails, which is then used to protect user inboxes from nefarious messages, as reported by CNET.
Google said it expects the new arrangement to benefit Gmail users as more mail senders will now be authenticating email and implementing common phishing blocking policies.
Cnet reported that Daniel Raskin, the vice-president of marketing for Agari said…
“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo. They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening do not deliver it, reject it.”
This bar chart shows how many suspicious e-mails Agari blocked since early August (Credit: Agari)
The AGARI Email Trust Fabric revolutionizes email by bringing together the world’s largest global brands, mail carriers, and technology providers under one roof to collectively work together to protect brands and consumers from fraud and phishing, said Peterson.
Our application is a catalyst for change and, with the help of our associates and customers, provides access to data analytics and controls that were inconceivable a few years ago, he added.
Financial services companies, specifically, suffer from phishing, both in terms of fraud losses and diminished customer trust. But perhaps not much longer: With Agari’s technology, Peterson said that some large clients are seeing 50 million phishing messages blocked per day.
Peterson says Agari can help companies understand how their online identity is being used and can help them enforce policy controls.
Google product manager Adam Dawes, in a statement, stated that Google has been working with various email authentication standards since 2004. While coordinated authentication between sender and receiver has historically proved to be a challenge, he suggests that Agari’s approach can help.
“Agari’s concept simplifies the authentication process for large email senders, helps them communicate clear policies to receivers like Gmail, and creates higher communications value for their email transactions,” he said.
In fact, Peterson, however, insists that Agari does not views its customers’ data, and would not become a magnet for authorities seeking access to email users’ data. “We think our application draws the line quite nicely between privacy concerns and actually providing some actionable threat intelligence,” he said.
With Google and the rest of the tech titans joining its platform, the company has access to more than one billion email inboxes around the world. Agari claims to protect 50 percent of consumer email traffic in the United States.