Leesburg-based cyber security company PhishMe is making waves against fraudulent emails with a new, innovative approach.
Cyber hacking is one of the biggest crimes facing businesses today in the modern, technological era. According to statistics produced by multiple cyber security outlets, over a million malware programs can be released on the unsuspecting public each day. The worst offender is email phishing, scam emails made to look like they come from reputable sources like popular websites, banks or employers.
The current focus to combat these scams is anti-malware software, but with new threats going live every hour, it's impossible to keep up to date. PhishMe swam against the current and looked at the root of the problem, the person who mistakenly clicks the link.
"Ultimately the problem is a human problem. Trying to discern what is legitimate in an email is hard," said co-Founder and CTO Aaron Higbee. "We develop software that companies use to simulate spearfishing attacks on their employees and the idea is that it's not just a one off test, but a conditioning over time."
These simulated phishing emails are made to look like normal office communication. They are also sent in the morning because statistically employees are more likely to fall for fraudulent emails as they are first checking in the beginning of the day.
"You're at work so you aren't expecting an Amazon gift card or Facebook friend request," said Higbee. "It's things like 'you've received a file from the scanner, click here to open the file or 'someone has left you a voicemail, click here to listen to it'."
The goal is to help people discern what a phishing email looks like and then learn how to report it. In just the five years since PhishMe was launched in 2011, the company now boasts that half the Fortune 100 companies use their software and they have 1,000 enterprise clients. While based in Leesburg, PhishMe has employees and offices all over the world including Dubai, London and Singapore.
"It took a lot of time in the beginning because some of the early conversations we had with customers would say you're going to trick our employees? That's going to make them feel bad. What we helped them understand is the messaging after the fact is about how this is a simulated phish and if it was real these are the consequences that could have happened."
The Washington Business Journal listed PhishMe as the No. 1 large company to work for in the metro area and it's clear to see why when walking through the casual, creative office space.
"We are in cyber security and in the mid-Atlantic so oftentimes when you have that skill set, you've worked for the government," said Higbee. "But we are a private company so things are a little bit more relaxed. We are really OK with working from home but people like coming into the office. We picked this location specifically because we wanted the employees to have something to walk to."
Located in the Villages at Leesburg shopping complex, employees are free to come and go as they please, bring their dogs to work and take breaks playing on the shuffleboard located in the middle of the office space. Higbee wanted to create a fun, easygoing culture.
That culture is now shared among 260 employees. By the end of the year, that group will grow to 300. PhishMe recently raised $42.5 million during a third investment round started last December in an effort to keep expanding rapidly.
"We see that there are so many opportunities to grow," said Higbee "We will really be spending on engineering and research and expanding our offices internationally. We are looking to release two more products that are related to phishing and human behavior."
Despite bringing on new investors, PhishMe is still a majority employee-owned company and Higbee plans to keep it that way. Once the group has outgrown its current space, Higbee will be looking to expand still within Leesburg.
"It is time for Leesburg and Loudoun County to take some market share and build office space," he said. "There is great talent here."