About Us

About OpenBait and Puson Limited — why we focus on post-incident phishing response for mid-market companies

What OpenBait is

OpenBait is a phishing incident response SaaS: when you discover your brand being impersonated, we automate the 48 hours after — lookalike detection, victim visibility (canary + SDK), abuse-report generation, and takedown submission — from a single workspace.

The product is built for mid-market companies (300–2,000 employees) whose security, comms, customer support, and legal teams need to move together without a six-figure enterprise contract.

Why this problem, why now

Phishing has become structurally worse. APWG recorded 960K+ phishing attacks in Q1 2024 alone — the highest single-quarter figure on record. AI-generated phishing emails are now 82%+ of observed campaigns, and typosquat registrations hit 11.9M in 2025 globally.

The market response bifurcated:

  • Enterprise DRP platforms (Memcyco, Axur, ZeroFox, BrandShield) sell on annual contracts starting at $50K–$500K, behind demo gates.
  • Scanner tools (Have I Been Squatted, Scrutex) are affordable but stop at detection; takedown is either manual or behind an Enterprise-tier upsell.

For mid-market companies — the ones searching for "phishing incident response" after the first PR-threatening clone goes live — there was no platform in the middle. OpenBait is built specifically for that gap.

What the product actually does

Seven capabilities, bundled:

  1. Lookalike / typosquat detection — CT logs, NRD feeds, dnstwist variants
  2. Social impersonation detection — X / YouTube / TikTok / Instagram
  3. Abuse-report automation — per-registrar templates, fixed reporter identity for reputation build-up
  4. Canary tokens — embedded in your legitimate site; fire when attackers clone and real victims visit
  5. JavaScript SDK — on your legitimate site; warn users arriving via known phishing referrers
  6. Unified workspace — cases, evidence, status, audit logs in one view
  7. Takedown execution — registrar abuse, Google Safe Browsing, Microsoft SmartScreen, Cloudflare in parallel

Pricing is public: $0 (Free), $79 (Pro), $299 (Business), $999+ (Enterprise) per month. Annual contract + wire transfer + invoice available on Business and above. Japanese yen billing on request.

Mission

Make phishing incident response something a mid-market team can start the same day — not something they have to outsource to an enterprise contract.

Three operating principles:

  • Democratize incident response — enterprise-grade canary and takedown automation, at self-serve pricing
  • Observability honesty — not "we're scanning for you" hand-waving; the canary actually measures real victim traffic to the clone
  • Operationalize, don't personalize — reporter-identity reputation, case history, and response workflows have to survive an analyst changing teams

Company

OperatorPuson Limited
AddressUnit A, 6/F, Reen Commercial Centre, 682 Shanghai Street, Mong Kok, Kowloon, Hong Kong
Phone+852-3460-5868
Email[email protected]
Webpuson.tv

For procurement questions (security questionnaires, DPA, legal entity specifics), [email protected].

About Us | OpenBait