Arkose Phishing Protection
Arkose Phishing Protection is a powerful solution designed to effectively counter reverse-proxy phishing attacks and safeguard login and MFA credentials from theft. It offers essential features that cater to the needs of product security teams, providing them with the necessary configurability and intelligence to protect their applications and users. With real-time detection capabilities, it identifies and mitigates reverse-proxy phishing attacks using both client- and server-side signatures. The solution includes managed phishing detection rulesets, hostname allow and deny lists, and immediate end-user warning messages, and it supports both active interception and monitor-only modes.
Detect reverse-proxy phishing attacks in real time
Protect users and block credential theft
Prevent interception of MFA/2FA codes
Warn users with customized alerts
How it Works
- Step One: The user is tricked into clicking on a malicious URL/link.
- Step Two: The phishing site is returned to the user, while the reverse proxy sniffs the traffic to the target site.
- Step Three: Arkose Phishing Protection identifies the phishing traffic, based on numerous signals.
- Step Four: Arkose Phishing Protection warns the user they are browsing a malicious copy of the target site. Alternatively, the target site may elect to simply monitor the suspicious hostname.
- Step Five: The login or registration fails, because the Arkose session token check fails.
Why Add Phishing Protection to Your Arkose Labs’ Deployment
Superior Reverse-Proxy Attack Detection
Traditional solutions rely on static indicators and known phishing URLs. Arkose Phishing Protection builds on the unmatched bot detection and mitigation technology of Arkose Bot Manager to stop reverse-proxy attacks and prevent the theft of login and MFA credentials.
Catch phishers in the act. Our solution includes real-time detection of reverse-proxy phishing attacks (using client- and server-side signatures), in-the-moment end user warning messages, and immediate visibility of phishing sessions in the portal.
Flexible Deployment Options
In “active” mode, suspicious hostnames are captured and anti-phishing pressure activates, displaying a warning message to the end user and blocking verification. Alternatively, businesses may choose “monitor” mode to capture and report on potentially malicious activity.
Ease of Integration
The solution is easy to deploy, with no new integration points or engineering work required. Arkose Phishing Protection complements your incumbent solutions to provide well-rounded protection against phishing attacks.
Based on early trials, customers can flag hundreds of thousands of reverse-proxy phishing sessions during initial deployment and block dozens of previously undetected phishing domains within a week of activation.
Request a customized demo to learn more.
REQUEST A DEMO CLOSE