INDUSTRY SOLUTIONS

Phishing Protection for Construction

Protect your business from phishing attacks with INKY's next-generation email security solution.

AdobeStock_246627520

Why and How do Phishers Target Construction Companies?

With annual revenue of more than $1 trillion, the construction industry represents one of the largest sectors in the U. S. economy. Aside from managing their own personnel, companies must interact with a wide range of outside partners and the primary baseline means of communication among all these players is email, which leaves all construction firms extremely vulnerable to phishing scams, as cybercriminals seek vectors into company systems through trusted partners.

Low levels of IT investment make the construction sector ripe for phishing attacks as these opportunists target weak points. Complex ecosystems invite account takeover attacks from compromised partners. A combination of access and value drive phishers to target construction firms’ email systems. Landing successful phishing exploits lets phishers invade the entire network and drop their payload, which may be a ransomware attack, a credential harvesting operation, or a means to exfiltrate valuable intellectual property or even money.

Request a demo.

How are Construction Firms Currently Protected?

While the larger construction firms may deliver their email through either their own on-premise Exchange server, the vast majority of the smaller companies use a secure email gateway (SEG) provider — including but not limited to Microsoft, Proofpoint, and Mimecast. These services have rudimentary protection against phishing. It’s not enough to stop 99%; it has to be all of them.

In the tight window between when an email server receives an email and when it has to deliver it to a recipient’s inbox, the SEGs can only examine the universal email tests (DKIM and SPF), take a cursory look at the nature of the message with regular expression matching, and look up the sender’s address on whatever bad lists they have on the shelf. With this limited examination, they often miss the phish. And this is the best case. Most SEGs — and even most add-on anti-phishing services that run via an application programming interface (API) — can’t run their full analysis stack on every email because it takes too long.

Speak with an email security expert.



AdobeStock_429370878
INKY on Mobile 01

How Does INKY Stop Phishing Attacks on Construction Firms?

INKY sits downstream from the SEG and spends less than two seconds looking at an email before dropping it in the recipient’s inbox. From this position, INKY catches all the phish that get past the SEGs (and there are many!).

During that two seconds, INKY releases a swarm of mathematical models on the email’s raw HTML code. They all operate simultaneously on it, testing for this and that and formulating an “opinion,” which is in fact a number on a scale, representing the results of its particular test.

One more model takes the output of all the rest and comes up with an overall score that represents how bad INKY thinks the email is. This value is interpreted to create a color-coded banner, which is inserted in the email before it's passed on to the recipient’s inbox (and pulled back out of any reply on the way out).

Request a demo.



Can you rely on your end-users to be on high-alert for all of these phishing tactics across all devices?

Detect images_icon

Brand Hijacking

Detect brand-indicative and scam-indicative images using computer vision models.

Text Macthing_icon

Text Anomalies

Find brand-indicative and scam-indicative text using approximate matching.

Determine Brand_icon

Brand Impersonation

Determine the apparent brand using color palette, layout features, prominent text, and more.

Zero Font_icon

Zero Font

Pinpoint zero-font and other forms or hidden text.

Unicode_icon

Text Cloaking

Identify Unicode homographs, typos, and other text cloaking.

Ready to see how INKY is the smartest investment you'll make in email security?

Learn More