A Novel Anti-Phishing Web Service that Does Not Require Any Installation of Software

Share Article

Entevia, LLC, releases WhoSends, which allows the receiver of an email to use a "key-phrase image" to authenticate the sender of the message.

Entevia, LLC, a technology startup located in Gainesville, FL, is proud to announce the release of WhoSends (https://www.whosends.com), a cloud-based anti-phishing, anti-spoofing service. Contrary to ordinary anti-phishing filters, which use a reputation-based approach, WhoSends uses a patent-pending scheme that allows the receiver of an email to authenticate the sender by using an image containing a "key phrase" only known to the user. All this without requiring the installation of any software.

WhoSends was motivated by the limitations of current anti-phishing software products, which rely on a "hearsay" approach to rate the reputation of the sender of an email, prior to filtering. This approach has the limitation that new phishing attacks can go undetected – affecting many victims – until the attack is identified as a threat. WhoSends does not rely on reputation, but rather lets the receiver of an email to authenticate the sender by recognizing an image containing a "key phrase" (e.g., "Daddy's favorite bank," or "This is where I met Sally") only known to the user. This phrase is set by the user as part of the registration of the sending institution as a trusted sender in WhoSends.

Institutions registered in WhoSends are subject to a rigorous validation process prior to registration, increasing user confidence. A registered institution uses WhoSend's web API to obtain a unique URL (containing a unique "access token") that is inserted in HTML at the top of each email. When the user opens the email, and he/she has created a key phrase for the institution, an image containing the key phrase will be displayed, allowing the user to identify the phrase, and thus authenticate the sender. Since no images are transmitted by email, but rather displayed using a secure channel when the user opens the email, the system is resilient to man-in-the-middle attacks.

WhoSends is available free of charge to end users. Registered institutions pay a fee on a per-usage basis.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Javier A. Arroyo-Figueroa
Entevia, LLC
+1 855-801-6196
Email >
Visit website