27 Apr 2018

Fyde’s app protects mobile devices from social engineering fraud

In April, Fyde got off the ground with the launch of the platform’s Apple iOS app, with an Android counterpart to follow later this year.

The platform protects against wetware, intercepting phishing, smishing and vishing as well as online account takeovers through a hybrid of machine learning and human analysis.

The platform’s user base grew at a rate of 250% per week in the first two weeks. In that time, about a dozen phishing attempts aimed at financial institutions were caught, as well as a major travel scam that was distributed to more than 300,000 consumers and targeted a European airline.

Fyde CEO and founder Sinan Eren says:

“We reported all of the incidents to the targets immediately. We’re also noticing a significantly higher volume of scams being distributed via messaging apps rather than via email. Our data points show that between 80 and 85% are being distributed via text messaging, instant message platforms like WhatsApp and Facebook Messenger.”

Phishing scams are also shifting to ad formats, encouraging users to click on domain names that look legitimate. In some cases the “ad” is a pixel-perfect copy with only a slight difference, such as an extra character in the domain name.

Eren explains that attackers are aware of the increase in advertising to promote direct purchases and they’re using that format to lure people to fake sites.

Because there are similarities among these potential threats, Fyde employs machine learning to identify them. But human analysts step in on occasion when threats are only deemed potential. Analysts are distributed across the globe because social engineering fraud targets specific geographic locations and the language and context of the scams will reflect the locale.

Consumers who download the Fyde app will only be notified when they try to click on a fraudulent link or call a fraudulent number; Fyde will intercept the connection and warn the customer or actively block the scam. However, the app does not scan the contents of the phone.

Eren described the company’s business model as B2B2C: the aggregated telemetry Fyde uses to identify threats and attacks is fee-based for financial institutions, brokerages, cryptocurrency brokers, travel commerce sites and ecommerce sites.

“It’s the institution that’s harmed the most when the user is compromised.”

The model has gained the confidence of both Draper Nexus and Vertex Ventures, which together have invested $3 million in seed funding. Eren expects to begin raising Series A funding before the end of the year, after meeting certain KPIs. He says the company is “also ahead of schedule with many of our key milestones, so we may begin raising the investment sooner as we look to widen our business relations coverage to include mobile carriers.”

Roaming networks pose disproportionate hacking threats and other forms of compromise when consumers are making purchases via their mobile devices while roaming.

But Eren, who had previously served as a vice president of Czech anti-virus software maker Avast, also advises mobile device users to take a few additional steps to protect themselves from social engineering fraud, including:

    • Making sure that passcodes and PINs are a minimum of six characters, and never reusing banking PINs
    • Enabling iCloud Location Tracking on iPhones and iPads so lost or stolen devices can be tracked and, if not recovered, then at least wiped of personal information. Similarly, Android users with a Google account tied to the device can do likewise via Google Play
    • Taking advantage of iCloud backup or backing up Android files on Google Drive
    • Checking with the hotel front desk or coffee shop staff to verify that you’re signing onto a network authentic to that public space, or simply using a VPN
    • When traveling to a geopolitically charged country, deleting all social media apps before arriving at the country’s airport in order to negate any potential concerns from Customs and Immigration officials, should they ask you to enter your PIN so they can view the phone contents