Who OpenBait is built for

Ten concrete mid-market scenarios where the phishing response problem is real but a six-figure enterprise contract is not an option. These are the customer profiles our product decisions, pricing tiers, and 48-hour playbook are calibrated against.

Not on this list but you think we fit? [email protected]. Most of our mid-market customers are within a 5-minute variation of one of these archetypes.

Use case 1

Direct-to-consumer e-commerce (cosmetics, supplements, apparel)

Revenue JPY 30–150 oku / $20M–100M

Business ($299 per month)

Typical trigger

Customers call support saying they paid on 'yourbrand.shop' and the package never arrived. The `.shop` domain is not yours.

Decision maker

Head of Customer Support → Head of IT → CFO

D2C brands are typosquat magnets — attackers register the `.shop`, `.store`, and new-gTLD variants of a recognizable consumer brand and run paid ad campaigns to siphon checkout traffic. OpenBait's lookalike scan + canary + takedown automation catches the clone before the second week of losses. Social monitoring covers the inevitable Instagram / TikTok fake-promo accounts that follow.

Use case 2

Mid-size B2B SaaS (HR, accounting, project management)

ARR $3M–15M, 500–2,000 customers

Pro ($79) → Business upgrade when incident volume grows

Typical trigger

Users report on Slack / Twitter that they 'can't log in' — then screenshots reveal a pixel-perfect clone of your login page on a typo domain.

Decision maker

CTO / VP Engineering

B2B SaaS login pages are the most-cloned artifact on the web. Cloned credentials give attackers tenant-wide access. OpenBait's canary fires when the clone is hit; the user-side SDK on your real login page warns customers arriving via the phishing referrer in real time. Takedown automation targets the typosquat registrar while the clone is still live.

Use case 3

Crypto exchange / Web3 platform

Any size with a public Discord / X community

Business (social monitoring is the critical feature)

Typical trigger

Your Discord mods report a new 'official support' impersonator every few days; the same attackers have a matching domain and matching fake wallet UI.

Decision maker

Head of Security / CISO

Crypto is the hardest-hit vertical for brand impersonation — 24/7 social scam flows, wallet drainer sites, fake airdrop pages, and counterfeit support accounts. OpenBait's SNS scan across X / Telegram / Discord-adjacent channels covers the non-DNS side; the canary and takedown handle the domain side. Speed matters more than comprehensiveness here — clones have a 48-hour lifespan.

Use case 4

Regional credit union / shinkin / shinkumi (信用金庫 / 信用組合)

~1,000–5,000 accounts, 2–10 branches

Annual $3,500–$7,000 contract

Typical trigger

Monitoring agency notifies you that your brand name appears in a phishing campaign; compliance asks for CSIRT-grade documentation

Decision maker

情報セキュリティ室長 / CSIRT Lead

Regional Japanese financial institutions are under Financial Services Agency pressure to document third-party brand monitoring but cannot sign ACSiON/TOPPAN-scale annual contracts. OpenBait's Business plan with annual invoice billing and Japanese-language compliance documentation fills the slot between 'do nothing' and 'sign a seven-figure SIer contract'.

Use case 5

Subscription media / online fan community (課金会員 1K–10K)

Monthly subscription revenue $50K–$500K

Pro ($79 per month)

Typical trigger

A few paying members report that a 'cancellation page' asked them to re-enter card details outside your real portal

Decision maker

Operations Manager

Subscription media and creator communities attract phishing because the subscriber lifecycle creates 'cancel / upgrade / renewal' moments where users are already expecting to enter card details. Canary tokens on your real account-management pages detect the clones; the user-side SDK catches members redirected from phishing sites.

Use case 6

Travel / booking platform

Revenue JPY 20–100 oku / $15M–70M

Business (PR response time-to-takedown matters)

Typical trigger

Fake 'airline tickets 50% off' site goes viral on LINE / Twitter. PR crisis within hours.

Decision maker

CMO / PR lead + CISO

Travel brands face the fastest-moving phishing cycles because fake discount sites are designed to burn through victims in 24–48 hours. OpenBait's parallel submission to Google Safe Browsing + Microsoft SmartScreen + Cloudflare gives you browser-level warnings live before the registrar even reads the abuse report. The PR team gets a timestamped takedown log for their public statement.

Use case 7

Vtuber / entertainment IP company

IP-holding subsidiary of a larger media group

Business (brand protection is a legal obligation to the talent)

Typical trigger

Counterfeit merchandise EC site and fake fan club surface around a major talent debut

Decision maker

IP Rights Management + Legal

Entertainment IP companies have unusual obligations — they protect not only the parent brand but the talent's individual likeness. OpenBait's canary detects fan-club impersonators; the automated takedown generates the evidence packs legal teams need for registrar abuse reports and in some cases UDRP filings. Multiple brand assets on one Business plan covers multiple talents simultaneously.

Use case 8

Healthcare SaaS / online medical services

Medley / MICIN-scale or below

Business (privacy compliance requires monitoring documentation)

Typical trigger

Fake prescription-lookup page appears; privacy regulator inquiry follows

Decision maker

CTO + Privacy Officer

Japanese healthcare SaaS operates under Personal Information Protection Act scrutiny — once an impersonator touches medical data, documented monitoring becomes mandatory. OpenBait's audit-log workspace and Japanese-language compliance reports satisfy regulator requirements at mid-market cost.

Use case 9

Online education / language school (including offshore English schools)

100–5,000 students, mostly digital marketing

Pro ($79 per month)

Typical trigger

Landing page is copied wholesale and re-used by a competing (fraudulent) school

Decision maker

Marketing / Ops Lead

Education marketing funnels get cloned because the entire customer acquisition pipeline — landing page, payment flow, trial signup — is high-margin and easy to steal. OpenBait's Pro plan covers lookalike detection + basic takedown; Canary tokens protect the signup-form clones that are most common in this vertical.

Use case 10

US / UK SMB SaaS ($10–50M ARR)

10–50 employees, English-first

Pro $79/mo (yearly $853 with 10% discount)

Typical trigger

'Someone on Reddit said there's a fake checkout page for us. What do we use to track this?'

Decision maker

Head of Security / Founder

The global mid-market — US/UK/AU — ends up on OpenBait because Memcyco/Axur are overkill and Have I Been Squatted's takedown is Enterprise-only. Founders and heads-of-security sign up directly, self-serve, and scale into Business as volume grows. Japanese UI is not a requirement for this segment but helps when expanding into Japan.

Your scenario isn't listed — but it probably fits.

Free tier covers one brand asset and the detection pipeline. No credit card. No sales call. Tell us if you're stuck on a scenario we haven't captured above — we'll help you figure out the tier fit in a short email.

Use cases — who OpenBait is built for (10 mid-market phishing response scenarios)