Phishing scams have evolved well beyond the “Nigerian prince” email ruse that for more than two decades has duped people into wiring cash abroad. Phishing solicitations trick unsuspecting recipients into sending money, sharing passwords and financial information, and installing malicious software. It arrives via email, ads, social media sites, chat tools and embedded in documents.
A Seattle-based startup called PhishCloud is helping businesses and their employees identify and avoid these common cyberattacks. The service analyzes and scores all of the links that subscribers come across, flagging them in green for safe links, yellow for suspicious content and red if deemed unsafe. The average internet user sees between 500-1,000 links per week, said PhishCloud CEO and founder Terry McCorkle.
PhishCloud is “creating automated tools that anyone can understand and use to protect themselves on the internet,” McCorkle said.
And given the “unprecedented challenges” being faced by businesses due to the novel coronavirus, McCorkle is offering its entry package, called PhishCloud Lite, for free for one year to any company looking for phishing protection.
McCorkle, who has worked in IT and security roles for two decades, launched the company in 2018 with co-founder and Chief Technology Officer Kyle Hurst. McCorkle sold his first company, SpearPoint Security, to California-based Cylance in 2013. PhishCloud is his second startup. Hurst, a long-time Amazon employee, has 21 years of experience in supply chain and program development.
The PhishCloud team has eight employees, including contract and part-time workers.
The product is available by subscription and marketed to business customers. For small-to-medium businesses, the cost is $6 per user, per month. The startup will soon release a more advanced tool for $8 per user, per month, with plans on the horizon for serving larger, enterprise-scale companies.
While many competitors offer security tools, McCorkle said his company’s product is unique for providing transparency to users, educating them in real time about which links are dangerous. Instead of requiring employees to forward suspicious links to administrators for review, PhishCloud makes the call for them, saving everyone time for responding to more meaningful security threats.
“We believe that empowering people is the solution to building a security-minded culture and stopping phishing,” McCorkle said.
We caught up with McCorkle for this Startup Spotlight, a regular GeekWire feature. Continue reading for his answers to our questionnaire.
What does your company do? We engage people in cybersecurity.
PhishCloud provides artificial intelligence to employees to help them detect phishing and internet security threats in real time. By doing so, we simplify management and increase visibility for IT and security teams.
Inspiration hit us when: I was performing “red team” security assessments, and one of the primary tactics that I used was phishing. It was a very revealing test. There were many times that people realized they had clicked on a phishing attempt, but IT or security teams were to slow to respond. Sometimes they would never respond at all, leading to a full compromise of their network (luckily, it was only a test).
I realized that employees were trained to guess if a message was phishing, but never provided any tools for doing this. More specifically, I realized that IT and security teams could not scale to provide security support to everyone who saw a phishing attack.
After discussing the idea with Kyle, PhishCloud was born.
VC, Angel or Bootstrap: We started as a bootstrapped company and are currently raising an angel round. We have tried to stay lean while we pioneered and patented our technology. Now that we have brought it to the market, we are bringing on outside investors.
Our ‘secret sauce’ is: People first. We engage people in cybersecurity, which has increased visibility into the threats people face on the internet, gives people a voice in cybersecurity, and allows IT and security teams to respond faster. The key to doing this is our patented, end-point security that is integrated into the applications people use every day. We make detecting phishing as easy as using a traffic light.
The smartest move we’ve made so far: Finding the right people. We have been lucky to build a fantastic team, including contractors and outsourcing partners.
The biggest mistake we’ve made so far: As with any startup, we have many. If we were to do this over, we would have started fundraising earlier.
Which leading entrepreneur or executive would you most want working in your corner? There are many people required to build a company, so this is a tough question. We discussed this as a team, and if we had to have just one, it would be Elon Musk, CEO of Tesla and SpaceX. He is a visionary and has such amazing ambitions. We’re inspired by his continued ability to lead companies that change the world.
Our favorite team-building activity is: We have a good time playing mini-golf and occasionally just hanging out in the office with a drink, talking at the end of the day.
The biggest thing we look for when hiring is: We love to work with people who are driven to succeed, which is important at any startup. The biggest quality we look for is the ability to learn quickly and be creative.
What’s the one piece of advice you’d give to other entrepreneurs just starting out: Always be learning.