Who OpenBait is built for
Ten concrete mid-market scenarios where the phishing response problem is real but a six-figure enterprise contract is not an option. These are the customer profiles our product decisions, pricing tiers, and 48-hour playbook are calibrated against.
Not on this list but you think we fit? [email protected]. Most of our mid-market customers are within a 5-minute variation of one of these archetypes.
Use case 1
Direct-to-consumer e-commerce (cosmetics, supplements, apparel)
Revenue JPY 30–150 oku / $20M–100M
Business ($299 per month)
Typical trigger
Customers call support saying they paid on 'yourbrand.shop' and the package never arrived. The `.shop` domain is not yours.
Decision maker
Head of Customer Support → Head of IT → CFO
D2C brands are typosquat magnets — attackers register the `.shop`, `.store`, and new-gTLD variants of a recognizable consumer brand and run paid ad campaigns to siphon checkout traffic. OpenBait's lookalike scan + canary + takedown automation catches the clone before the second week of losses. Social monitoring covers the inevitable Instagram / TikTok fake-promo accounts that follow.
Use case 2
Mid-size B2B SaaS (HR, accounting, project management)
ARR $3M–15M, 500–2,000 customers
Pro ($79) → Business upgrade when incident volume grows
Typical trigger
Users report on Slack / Twitter that they 'can't log in' — then screenshots reveal a pixel-perfect clone of your login page on a typo domain.
Decision maker
CTO / VP Engineering
B2B SaaS login pages are the most-cloned artifact on the web. Cloned credentials give attackers tenant-wide access. OpenBait's canary fires when the clone is hit; the user-side SDK on your real login page warns customers arriving via the phishing referrer in real time. Takedown automation targets the typosquat registrar while the clone is still live.
Use case 3
Crypto exchange / Web3 platform
Any size with a public Discord / X community
Business (social monitoring is the critical feature)
Typical trigger
Your Discord mods report a new 'official support' impersonator every few days; the same attackers have a matching domain and matching fake wallet UI.
Decision maker
Head of Security / CISO
Crypto is the hardest-hit vertical for brand impersonation — 24/7 social scam flows, wallet drainer sites, fake airdrop pages, and counterfeit support accounts. OpenBait's SNS scan across X / Telegram / Discord-adjacent channels covers the non-DNS side; the canary and takedown handle the domain side. Speed matters more than comprehensiveness here — clones have a 48-hour lifespan.
Use case 4
Regional credit union / shinkin / shinkumi (信用金庫 / 信用組合)
~1,000–5,000 accounts, 2–10 branches
Annual $3,500–$7,000 contract
Typical trigger
Monitoring agency notifies you that your brand name appears in a phishing campaign; compliance asks for CSIRT-grade documentation
Decision maker
情報セキュリティ室長 / CSIRT Lead
Regional Japanese financial institutions are under Financial Services Agency pressure to document third-party brand monitoring but cannot sign ACSiON/TOPPAN-scale annual contracts. OpenBait's Business plan with annual invoice billing and Japanese-language compliance documentation fills the slot between 'do nothing' and 'sign a seven-figure SIer contract'.
Use case 5
Subscription media / online fan community (課金会員 1K–10K)
Monthly subscription revenue $50K–$500K
Pro ($79 per month)
Typical trigger
A few paying members report that a 'cancellation page' asked them to re-enter card details outside your real portal
Decision maker
Operations Manager
Subscription media and creator communities attract phishing because the subscriber lifecycle creates 'cancel / upgrade / renewal' moments where users are already expecting to enter card details. Canary tokens on your real account-management pages detect the clones; the user-side SDK catches members redirected from phishing sites.
Use case 6
Travel / booking platform
Revenue JPY 20–100 oku / $15M–70M
Business (PR response time-to-takedown matters)
Typical trigger
Fake 'airline tickets 50% off' site goes viral on LINE / Twitter. PR crisis within hours.
Decision maker
CMO / PR lead + CISO
Travel brands face the fastest-moving phishing cycles because fake discount sites are designed to burn through victims in 24–48 hours. OpenBait's parallel submission to Google Safe Browsing + Microsoft SmartScreen + Cloudflare gives you browser-level warnings live before the registrar even reads the abuse report. The PR team gets a timestamped takedown log for their public statement.
Use case 7
Vtuber / entertainment IP company
IP-holding subsidiary of a larger media group
Business (brand protection is a legal obligation to the talent)
Typical trigger
Counterfeit merchandise EC site and fake fan club surface around a major talent debut
Decision maker
IP Rights Management + Legal
Entertainment IP companies have unusual obligations — they protect not only the parent brand but the talent's individual likeness. OpenBait's canary detects fan-club impersonators; the automated takedown generates the evidence packs legal teams need for registrar abuse reports and in some cases UDRP filings. Multiple brand assets on one Business plan covers multiple talents simultaneously.
Use case 8
Healthcare SaaS / online medical services
Medley / MICIN-scale or below
Business (privacy compliance requires monitoring documentation)
Typical trigger
Fake prescription-lookup page appears; privacy regulator inquiry follows
Decision maker
CTO + Privacy Officer
Japanese healthcare SaaS operates under Personal Information Protection Act scrutiny — once an impersonator touches medical data, documented monitoring becomes mandatory. OpenBait's audit-log workspace and Japanese-language compliance reports satisfy regulator requirements at mid-market cost.
Use case 9
Online education / language school (including offshore English schools)
100–5,000 students, mostly digital marketing
Pro ($79 per month)
Typical trigger
Landing page is copied wholesale and re-used by a competing (fraudulent) school
Decision maker
Marketing / Ops Lead
Education marketing funnels get cloned because the entire customer acquisition pipeline — landing page, payment flow, trial signup — is high-margin and easy to steal. OpenBait's Pro plan covers lookalike detection + basic takedown; Canary tokens protect the signup-form clones that are most common in this vertical.
Use case 10
US / UK SMB SaaS ($10–50M ARR)
10–50 employees, English-first
Pro $79/mo (yearly $853 with 10% discount)
Typical trigger
'Someone on Reddit said there's a fake checkout page for us. What do we use to track this?'
Decision maker
Head of Security / Founder
The global mid-market — US/UK/AU — ends up on OpenBait because Memcyco/Axur are overkill and Have I Been Squatted's takedown is Enterprise-only. Founders and heads-of-security sign up directly, self-serve, and scale into Business as volume grows. Japanese UI is not a requirement for this segment but helps when expanding into Japan.
Your scenario isn't listed — but it probably fits.
Free tier covers one brand asset and the detection pipeline. No credit card. No sales call. Tell us if you're stuck on a scenario we haven't captured above — we'll help you figure out the tier fit in a short email.