Impostor Detection® - Catching hackers who spoof identity

A new approach 

Existing filters struggle to detect spear phishing and social engineering attacks because these attacks are low volume, personalized and target individuals.  Phishing, spear phishing and social engineering attacks succeed because hackers successfully pretend to be someone the message recipient knows and trusts.

Impostor Detection® technology reduces the possibility of these attacks succeeding by using a new approach. Impostor Detection®develops behavioral fingerprints of communication patterns between message senders and recipients and uses this information to alert message recipients to differences in behavior in new communications received from a sender.

AstraID’s PhishingGuardian leverages Impostor Detection® technology to offer an easy to deploy and use SaaS service to prevent targeted attacks.



An example of a behavioral fingerprint maintained by PhishingGuardian for a fictitious sender, Bob, would include information such as:

  1. Bob uses either an iPhone or Entourage to send email. It is typically sent from the New England area.
  2. Bob’s mail server is a Microsoft Exchange server located in Colorado.
  3. Bob uses English to communicate and rarely misspells any words.


Since the objective in this example is to detect hackers who are pretending to be Bob — every new email from a sender who looks like Bob would be checked against the behavioral fingerprint maintained by PhishingGuardian.  Depending upon the quality of the message, links and attachments, PhishingGuardian would use a match or a mismatch of the behavioral fingerprint to determine if the new message is possibly a spear phishing or social engineering attack.


Patented Technology

Impostor Detection® technology has been developed over years of research and is covered by issued and pending patents. The technology has been finely tuned to minimize false positives and maximize detection of targeted phishing attacks.