CognitiveID Solves Phishing

The Problem

You are sitting at your desk when an urgent email hits your inbox. It’s a panicked message from your company vice president telling you he cannot log into the server. Because he’s in a time crunch, he needs YOUR username and password to get access to his files. Not wanting to get fired, you “bend” the rules and reply back with your credentials. Sadly, you have just had your credentials phished by a hacker who “faked” where their email originated.

Or consider this scenario: The Human Resources manager uses a weak email password, easily guessed by a hacker. The hacker then logs into the manager’s email and sends out a message to everyone asking them to verify their personal bank account information for the next payroll. Because the hacker has access to the account, he constantly refreshes the inbox, intercepting the replies before the actual HR manager catches on. The HR manager was phished.

Phishing has long been a problem in the cybersecurity world. Going after the login credentials of users is common sport these days. Most of these attacks occur through social engineering and email account takeovers.

The Solution

However, a new solution is now available, and it will effectively eliminate phishing of static credentials. By eliminating passwords, CognitiveID has effectively drained the “phishing pond.”

Let me expound. True security depends on verifying the identity of the user. While you may say that the username/password combo effectively meets this need, I disagree. Static credentials do not verify the user. They are simply “identifiers” known by the user and the data server. This setup simply grants access to anyone who presents a “valid set of matching credentials,” regardless of the end user’s identity.

Identity vs Identifiers

And that’s the key. In today’s world, you need to know the difference between “identifiers” and “identity.” As I mentioned before, the only way to GUARANTEE security is to verify a user’s identity. Usernames and passwords do not accomplish this task. After all, anyone armed with that information can impersonate a user perfectly.

How it Works

The only true phishing solution is tied to the concept of CognitiveID. CognitiveID is the NimbusID implementation of the Cognitive Identification security strategy. It is based on the contextual logic every human uses to file information in their brain. I know that sounds very complex, but the concept is actually very simple. Watch this short video to see how it works.

Remember, the only way to verify identity is to test a user’s contextual logic, not test static identifiers. NimbusID, using our patented CognitiveID model, stops phishing and a host of other security vulnerabilities tied to static credentials. Other companies try to thwart phishing attacks by scanning email to identify the “bait.” At NimbusID, we know the only way to truly stop “phishing” is to empty the pond of “phish.”

About the author: Eric Spellman