Year: 2019

MMC Ventures, the London-based VC that typically invested at Seed and Series A via the various funds it manages, has launched a new £100 million “Scale Up” fund to provide expansion capital to its later-stage portfolio companies.

This is a move we are seeing a number of early-stage European VCs make, such as LocalGlobe with its “Latitude” fund, as they look to double-down on existing investments at Series B and beyond.

The motivation is obvious: as European tech continues to grow, becoming increasingly ambitious and global, investors don’t want to get diluted too much and too early. Meanwhile, although arguably there is an abundance of early-stage capital floating around, there are less European funds as you move to later stage.

MMC Ventures says its Scale Up Fund will provide primary capital to current portfolio companies that have grown beyond the mandate of MMC Ventures’ existing funds. Notably, however, MMC’s Scale Up Fund is also permitted to participate in secondary transactions.

In a call with MMC’s Bruce Macfarlane (Managing Partner) and Simon Menashy (Partner), the pair explained that this means that MMC can offer liquidity to early MMC and third-party investors who wish to exit from one of MMC’s portfolio companies early.

In this way, capital can be recycled within the early-stage funding ecosystem, whereby, for example, angel investors can go again by backing newly formed companies, while MMC maintains a longer-term outlook.

However, despite the launch of a later stage fund, Macfarlane says MMC’s core specialism remains as a Series A investor

Meanwhile, MMC has already made investments from the Scale Up Fund into a number of portfolio companies. They are Safeguard Global (alongside Accel KKR), Masabi (alongside Smedvig Capital), and Interactive Investor.

The Scale Up Fund rounds off a number of new funds managed by MMC. The firm recently outed a new £52 million seed fund in partnership with the Mayor of London. And combined with its annual EIS fundraise, the VC has added £200 million to its coffers in the last 12 months.

Over the last year, MMC has invested more than £85 million across the pre-seed, seed, series A and later stages in amounts ranging from £100,000 to £25 million. The firm also moved into new larger offices in Holborn, in Central London, which Macfarlane tells me is a sign of how bullish MMC remains with regards to U.K. tech and in spite of Brexit.

“2019 has been a big year for our firm, and the launch of our new Scale Up Fund represents a scale up moment for MMC as well as a significant innovation in the U.K. venture market,” adds Macfarlane in a statement. “This Fund allows us to double down on our most successful businesses while enabling our investors, and others, to take full or partial exits from early investments”.

Ford finally showed the world its highly anticipated all-electric crossover, the Mustang Mach-E. The vehicle, which was unveiled Sunday at the Hawthorne Airport and in Tesla’s backyard, marks a series of firsts for Ford and the Mustang badge.

It’s the first vehicle to come out of Team Edison, the automaker’s dedicated electric vehicle organization. It’s not only the first electric Mustang, it’s also an SUV. 

TechCrunch has had an up close look and ride in the Mach-E. While there’s a lot to highlight, here are some of the details that stood out.

Door handles

Ford went an entirely new direction with the door handles on the Mustang Mach-E. You won’t find any Tesla lookalike door handles here. The doors seem to be lacking handles at all. A closer look though reveals illuminated buttons on the B and C pillars. The front doors also have a small, protruding handle located just under the button to grab onto.

Pressing the button for the backdoor immediately pops it open just slightly. Then the passenger reaches into the ajar door to hit the latch. This might sound dangerous and apt for a crushed finger. Except there’s an immediate safety in place that doesn’t allow the door to close.

Owners will be able to also use their smartphone to unlock the Mustang Mach-E. This phone as a key technology is new to Ford.

Tech tray

It’s a seemingly small detail, but so many automakers ignore that their customers have smartphones and want to put these devices somewhere other than a cup holder. Behold the tech tray, which has wireless charging pad.

The cup holders, located just below the tech tray, can be used to hold actual cups.

Infotainment system

The 15.5-inch screen will get a lot of attention, perhaps because its location and vertical placement is reminiscent of the Tesla Model S. But then there’s the physical dial placed on the bottom of the screen to control the volume.

While not everyone will love this feature, it’s interesting how this dial came to be. Team Edison was assembled in 2017 to do more than create a new electric vehicle. It was created to do it differently and much faster than a typical vehicle program.

How the look and functionality of the infotainment system was developed is an example of this newfound nimbleness. A group of just over a dozen people with minimal oversight started with a research trip to China. Further customer research revealed that people wanted native apps in their car’s infotainment system and they didn’t want to learn anything new, Philip Mason, who is on Team Edison’s user experience, said during a backgrounder event prior to unveiling.

A prototype of physical dial was put together quickly — no fancy prototypes — and research groups responded positively.

The infotainment system is also cloud connected, allowing it to show traffic in real-time in navigation feature, has natural language, activated by one of four “wake words” like OK, Ford, and allows users to create personal profiles. The system learns the behavior and likes of the user over time.

And the entire system will be updated and improved via over-the-air software updates.

Vegan interior

Ford is hardly the first to move away from leather for its interior. Tesla has dropped leather and the Porsche Taycan is also vegan. Now the interior of the Mustang Mach-E also qualifies.

The synthetic material is among the better faux leather materials TechCrunch has come across. Even the steering wheel, a challenging area for synthetics, feels good.

Frunk

A front trunk in an all-electric vehicle is nothing new. The Mustang Mach-E doesn’t have the biggest frunk on the market; it’s not the smallest either.

But there is something interesting about this 4.8-cubic-inch frunk. It’s drainable and plastic lined. Josh Greiner, senior interior designer on the Mach-E, was quick to note during a backgrounder prior to the unveiling that the frunk could be packed with ice and used while tailgating.

Africa focused fintech startup OPay has raised a $120 million Series B round backed by Chinese investors.

Located in Lagos and founded by consumer internet company Opera, OPay will use the funds to scale in Nigeria and expand its payments product to Kenya, Ghana and South Africa — Opera’s CFO Frode Jacobsen confirmed to TechCrunch.

Series B investors included Meituan-Dianping, GaoRong, Source Code Capital, Softbank Asia, BAI, Redpoint, IDG Capital, Sequoia China and GSR Ventures.

OPay’s $120 million round comes after the startup raised $50 million in June.

It also follows Visa’s $200 million investment in Nigerian fintech company Interswitch and a $40 million raise by Lagos based payments startup PalmPay — led by China’s Transsion.

There are a couple quick takeaways. Nigeria has become the epicenter for fintech VC and expansion in Africa. And Chinese investors have made an unmistakable pivot to African tech.

Opera’s activity on the continent represents both trends. The Norway based, Chinese (majority) owned company founded OPay in 2018 on the popularity of its internet search engine.

Opera’s web-browser has ranked No. 2 in usage in Africa, after Chrome, the last four years.

The company has built a hefty suite of internet-based commercial products in Nigeria around OPay’s financial utility. These include motorcycle ride-hail app ORide, OFood delivery service, and OLeads SME marketing and advertising vertical.

“Opay will facilitate the people in Nigeria, Ghana, South Africa, Kenya and other African countries with the best fintech ecosystem. We see ourselves as a key contributor to…helping local businesses…thrive from…digital business models,” Opera CEO and OPay Chairman Yahui Zhou, said in a statement.

Opera CFO Frode Jacobsen shed additional light on how OPay will deploy the $120 million across Opera’s Africa network. OPay looks to capture volume around bill payments and airtime purchases, but not necessarily as priority.  “That’s not something you do ever day. We want to focus our services on things that have high-frequency usage,” said Jacobsen.

Those include transportation services, food services, and other types of daily activities, he explained. Jacobsen also noted OPay will use the $120 million to enter more countries in Africa than those disclosed.

Since its Series A raise, OPay in Nigeria has scaled to 140,000 active agents and $10 million in daily transaction volume, according to company stats.

Beyond standing out as another huge funding round, OPay’s $120 million VC raise has significance for Africa’s tech ecosystem on multiple levels.

It marks 2019 as the year Chinese investors went all in on the continent’s startup scene. OPay, PalmPay, and East African trucking logistics company Lori Systems have raised a combined $240 million from 15 different Chinese actors in a span of months.

OPay’s funding and expansion plans are also harbinger for fierce, cross-border fintech competition in Africa’s digital finance space. Parallel events to watch for include Interswitch’s imminent IPO, e-commerce venture Jumia’s shift to digital finance, and WhatsApp’s pending entry in African payments.

The continent’s 1.2 billion people represent the largest share of the world’s unbanked and underbanked population — which makes fintech Africa’s most promising digital sector. But it’s becoming a notably crowded sector where startup attrition and failure will certainly come into play.

And not to be overlooked is how OPay’s capital raise moves Opera toward becoming a multi-service commercial internet platform in Africa.

This places OPay and its Opera-supported suite of products on a competitive footing with other ride-hail, food delivery and payments startups across the continent. That means inevitable competition between Opera and Africa’s largest multi-service internet company, Jumia.

 

 

 

 

 

SoftBank Corp announced today that it has reached an agreement to merge with Z Holdings (the SoftBank subsidiary formerly known as Yahoo Japan) and Line Corp, in a move they hope will better position them against competitors. The merger, which was first reported by Nikkei last week, is expected to be completed in October 2020.

SoftBank and Naver, the owner of Line, will each hold 50% of a new holding company that will operate Line and Z Holdings. By uniting, SoftBank and Naver hope that they will better position search portal Yahoo Japan, Line’s messaging app and their other businesses to compete against rivals from the United States and China.

In its announcement, SoftBank said “in the Internet market, overseas companies, especially those based in the United States and China, are overwhelmingly dominant, and even when comparing the size of operations, there is currently a big difference between such overseas companies and those in other Asian countries, other than China.”

Line is one of the most popular messaging apps in Japan, Taiwan and Thailand, but has struggled to compete in other markets, despite offering a wide array of services that includes Line Pay, Line Taxi and Line Music. Yahoo Japan is one of the country’s biggest search engines, but it competes with Google and its other businesses, including e-commerce, are up against rivals like Rakuten and Alibaba.

Once merged, SoftBank and Naver say cooperation between their subsidiaries and investment portfolio companies will enable them to make more advances in artificial intelligence and other areas, including search, advertising and payment and financial services.

The merger would entail taking Line private by acquiring all outstanding Line shares, options and convertible bonds. The tender offer for Line’s remaining shares will be 5,200 yen, a 13.41% premium over the closing price of Line’s common shares, listed on the Tokyo Stock Exchange, on Nov. 13, before reports came out about the potential merger.

Ford unveiled Sunday ahead of the LA Auto Show the Mustang Mach-E, the highly anticipated all-electric crossover and the first vehicle to come out of Team Edison, the automaker’s dedicated electric vehicle organization.

In short: the Mustang Mach-E is different from any other Ford vehicle without ignoring its roots. It’s undeniably a Mustang with its short nose and front overhang, headlights and muscular stance. But it also has a design suited for an electric vehicle as well as an all-new infotainment system and connected vehicle technology, plus a few other interesting and new details.

The moment is an important one for Ford, which has historically backed hybrid technology. It not only represents the biggest change for the Mustang in its 55 year history, it’s the first product to come out of Ford’s $11 billion commitment to add 16 all-electric vehicles within its global portfolio of 40 electrified vehicles through 2022.

“We knew we had to do something different and something exciting and something only Ford could do,” Kumar Galhotra, president of Ford North America said at a press event prior to the Sunday unveiling.

This is not meant to be a compliance car — the types of vehicles produced only to meet stricter emissions rules in some states such as California, a key market for automakers. It’s meant to be a vehicle that people get excited about; it must be fun to drive and have the performance that Mustang diehards expect.

“I’ve driven it and it’s a rocket ship,” Ford Chairman Bill Ford said during the event Sunday. “This is a Mustang for a new generation, but I also think long-time Mustang fans like me will love it as well.”

And while there have been months of teasers and even one big leak, the unveiling Sunday provided fresh details of the vehicle.

Ford will offer five variants of the Mustang Mach-E, including a standard version called Select, a Premium trim, First Edition, California Route 1 and a GT Performance edition that is targeting a 0 to 60 miles per hour acceleration in the mid 3-second range and an estimated 342 kW (459 horsepower) and 830 Nm (612 pound-feet) of torque.

The limited first edition will start at $59,900 and be available in extended-range all-wheel drive, with red painted brake calipers, metallic pedal covers, contrasting seat stitching and a scuff plate marked “First Edition.”

The first edition and the premium trims will be the initial Mustang Mach-E vehicles available in fall 2020. The Premium version will start at $50,600.

The GT performance, which starts at $60,500, will be available in Spring 2021. Ford has opened up a reservations page, where customers can put a $500 deposit down for any of the versions. A configurator that allows customers to design the version is also live.

Ford unveiled Sunday the newest Mustang in its lineup that marks a number of firsts for the automaker. Not only is this the first all-electric Mustang, it’s also an SUV and the first vehicle to come out of Team Edison, Ford’s dedicated electric vehicle organization.

Here’s a closer look at the vehicle inside and out.

 

[gallery ids="1912963,1912979,1912976,1912977,1912978,1912966,1912971,1912968,1912974,1912973,1912969,1912970,1912967,1912980,1912981,1912964,1912975"]

Disney’s shift to streaming is officially underway with this week’s launch of Disney+  along with its flagship show, the Star Wars series “The Mandalorian.”

On the latest episode of the Original Content podcast, we discuss our initial reactions to the new streaming service.

It turns out that we had fairly different responses: Anthony was impressed by the breadth of the content library (nearly every Disney, Pixar, Marvel and Star Wars film, along with 30 seasons of “The Simpsons”), while Darrell was more interested in the original content. Jordan, meanwhile, found herself initially excited about the library, only to wonder how much time she really needs to spend watching her childhood favorites.

As for that original content, we also have a spoiler-free review of “The Mandalorian.” Disney is releasing episodes on a weekly basis, with two episodes live as of publication — but only one available when we recorded. And even though we’re in the age of extra-long streaming episodes, “The Mandalorian”‘s chapters only run 30 or 40 minutes each so far.

Still, we found plenty to talk about. After all, one reason for that brevity may be the visual richness of what’s on-screen, with enough beautiful new worlds and spectacular battles to stand alongside any of the Star Wars feature films.

And the fast pace means we were never bored: The show introduces Pedro Pascal as a silent-but-deadly bounty hunter, along with Werner Herzog as a client who sends him after a mysterious target.

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you want to skip ahead, here’s how the episode breaks down:
0:00 Intro
0:38 “The Morning Show” listener response
9:24 Disney+ discussion
37:34 “The Mandalorian” review (spoiler free)

Northzone, the European VC firm that’s probably best-known for being an early backer of Spotify, has raised a new $500 million fund, which it claims was oversubscribed and will reach its final close imminently.

Dubbed “Northzone IX,” the new fund pretty much represents business as usual for Northzone and will be used to invest primarily at Series A and B, with “selective” Seed investments (as many Series A firms increasingly do).

Geographically, Northzone is targeting Europe and the East Coast of the U.S., and is eyeing up early-stage consumer and enterprise companies that are addressing “large and established industries saddled with legacy technology”. This includes financial services, healthcare, education, mobility and construction.

The VC firm is also announcing two promotions. Hello Fresh co-founder Jessica Schultz and Dots co-founder Paul Murphy have been promoted to General Partners, in addition to existing GPs Pär-Jörgen Pärson, Jeppe Zink, and Michiel Kotting.

“Tech businesses are becoming giants in new industries like construction, food, and finance,” says Murphy, during a telephone interview alongside Schultz and Kotting. “And these industries are 4 trillion to 10 trillion in size, so quite a bit bigger than media, which is where most of the focus has been in the past few decades. I think it’s exciting, we look at huge addressable markets, both in terms of existing incumbents, and consumers and users and businesses. But it’s also challenging because it means we do sort of become, you know, pretty deep on multiple industries, instead of just one”.

To manage this, Murphy explains that Northzone takes a “thematic approach” to investing, whereby themes cut across sectors. “So it could be a certain theme that leads us to a finTech investment or to a mobility investment,” he says. “We try to let the themes take us where they take us, instead of having to focus in on one particular sector”.

“I think our strategy is still looking for founders with huge ambition and conviction to build transformative businesses,” adds Schultz.

With an avalanche of new European VC funds being announced — I chalk this up as the fourth I’ve covered in the last week, I posit that we could be in a bubble or at least somewhat frothy times.

“I think that there’s always cycles,” says Murphy. “And I think where we are in this cycle, there’s a lot of people that are speculating. I think the broad macro climate indicates that we’re maybe at the high end of that cycle, and tech is core to many, many countries’ economy now. So I don’t want to claim that we’re immune to any sort of downturn that may come.

“That said, as I mentioned before, tech is now going after industries that are exponentially larger than what they’ve gone after in the past. There is a whole lot of opportunity out there. Yes, there’s more funds than ever, but if we want to fully capture all of the opportunities that exist around the world in tech, I think we need many more funds than exists today”.

“I think that’s where we have the benefit of history a little bit, as we’ve been in the business for 23 years now,” says Schultz. “We’ve seen a lot of the downturns from dot com boom to the financial crisis in 2008. And I think that also gives us a little bit of a perspective on the opportunities you get in the downturns and also the important areas to focus on during challenging market conditions. As Paul said, we think there will still be a lot of opportunities regardless of the economic cycles”.

The key to VC investing, regardless of cycle, is to stay disciplined “and look for the fundamentals of the businesses” that fit a long term view of how the world is changing.

Somewhat related to this, although Northzone isn’t able to disclose a list of its LPs — who are said to be a mixture of existing investors and new ones — General Partner Michiel Kotting says the majority are in Europe.

“We have always maintained that as a European product, we want predominantly European investors behind us. So it’s an awful lot of European but we’re not one of these EIF [European Investment Fund] dominated funds at all. And we also have systematically stepped up Asian and U.S. LPs in recent years. But the key thing for us is, we learned that lesson a decade ago, you can’t be a European product and be dominated by U.S. or Asian LPs. Because when a financial crisis comes around, they tend to drop those sort of products first. So we’ve always made sure that we have a natural alignment with our LP base”.

There’s literally a lot more stuff in space than there was last week – or at least, the number of active human-made satellites in Earth’s orbit has gone up quite a bit, thanks to the launch of SpaceX’s first 60 production Starlink satellites. This week also saw movement in other key areas of commercial space, and some continued activity in early-stage space startup ecosystem encouragement.

Some of the ‘New Space’ companies are flexing the advantages that are helping them shake up an industry typically reserved for just a few deep-pocketed defence contractors, and NASA is getting ready for planetary space exploration in more ways than one.

1. SpaceX launches 60 Starlink satellites

The 60 Starlink satellites that SpaceX launched this week are the first that aren’t specifically designated as tester vehicles, even though it launched a batch of 60 earlier this year, too. These ones will form the cornerstone of between 300-400 or so that will provide the first commercial service to customers in the U.S. and Canada next year, if everything goes to SpaceX’s plan for its new global broadband service.

Aside from being the building blocks for the company’s first direct-to-consumer product, this launch was also an opportunity for SpaceX to show just how far its come with reusability. It flew the company’s first recovered rocket fairing, for instance, and also used a Falcon 9 booster for the fourth time – and landed it, so that it can potentially use it on yet another mission in the future.

2. Rocket Lab’s new room-sized robot can don in 12-hours what used to take ‘hundreds’

Rocket Lab is aiming to providing increasingly high-frequency launch capabilities, and the company has a new robot to help it achieve very quick turnaround on rocket production: Rosie. Rosie the Robot can produce a launch vehicle about once every 12 hours – handling the key task of processing the company’s Electron carbon composite stages in a way that cuts what used to take hundreds of manual work hours into something that can be done twice a day.

3. SpaceX completes Crew Dragon static fire test

This is big because the last time SpaceX fired up the Crew Dragon’s crucial SuperDraco thrust system, it exploded and took the capsule with it. Now, the crew spacecraft can move on to the next step of demonstrating an in-flight abort (the emergency ‘cancel’ procedure that will let astronauts on board get out with their lives in the case of a post-launch, mid-flight emergency) and then it’s on to crewed tests.

4. Virgin Galactic’s first paying customers are doing their astronaut training

It’s not like they’ll have to get out and fix something in zero gravity or anything, but the rich few who have paid Virgin Galactic $250,000 per seat for a trip to space will still need to train before they go up. They’ve now begun doing just that, as Virgin looks to the first half of next year for its first commercial space tourism flights.

5. TechStars launches another space tech accelerator

They have a couple now, and this new one is done in partnership with the U.S. Air Force, along with allied government agencies in The Netherlands and Norway. This one doesn’t require that participants relocated to a central hub for the duration of the program, which should mean more global appeal.

6. NASA funds new Stingray-inspired biomimetic spacecraft

Bespin’s cloud cars were cool, but a more realistic way to navigate the upper atmosphere of a gaseous planet might actually be with robotic stingrays that really flap their ‘fins.’ Yes, actually.

7. Blue Origin’s lunar lander partner Draper talks blending old and new space companies

Blue Origin’s Jeff Bezos announced a multi-partner team that will work on the company’s lunar lander, and its orbital delivery mechanism. A key ingredient there is longtime space industry experts Draper, which was born out of MIT and which is perhaps most famous for having developed the Apollo 11 guidance system. Draper will be developing the avionics and guidance systems for Blue Origin’s lunar lander, too, and Mike Butcher caught up with Draper CEO Ken Gabriel to discuss. (Extra Crunch subscription required)

It was the one of the best phishing emails we’ve seen… that wasn’t.

Phishing remains one of the most popular attack choices for scammers. Phishing emails are designed to impersonate companies or executives to trick users into turning over sensitive information, typically usernames and passwords, so that scammers can log into online services and steal money or data. But detecting and preventing phishing isn’t just a user problem — it’s a corporate problem too, especially when companies don’t take basic cybersecurity precautions and best practices to hinder scammers from ever getting into a user’s inbox.

Enter TriNet, a human resources giant, which this week became the poster child for how how to make a genuine email to its customers look inadvertently as suspicious as it gets.

Remote employees at companies across the U.S. who rely on TriNet for access to outsourced human resources, like their healthcare benefits and workplace policies, were sent an email this week as part of an effort to keep employees “informed and up-to-date on the labor and employment laws that affect you.”

Workers at one Los Angeles-based health startup that manages its employee benefits through TriNet all got the email at the same time. But one employee wasn’t convinced it was a real email, and forwarded it — and its source code — to TechCrunch.

TriNet is one of the largest outsourced human resources providers in the United States, primarily for small-to-medium-sized businesses that may not have the funding to hire dedicated human resources staff. And this time of year is critical for companies that rely on TriNet, since health insurance plans are entering open enrollment and tax season is only a few weeks away. With benefit changes to consider, it’s not unusual for employees to receive a rash of TriNet-related emails towards the end of the year.

But this email didn’t look right. In fact when we looked under the hood of the email, everything about it looked suspicious.

We looked at the source code of the email, including its headers. These email headers are like an envelope — they say where an email came from, who it’s addressed to, how it was routed, and if there were any complications along the way, such as being marked as spam.

There were more red flags than we could count.

Chief among the issues were that the TriNet logo in the email was hosted on Imgur, a free image-hosting and meme-sharing site, and not the company’s own website. That’s a common technique among phishing attackers — they use Imgur to host images they use in their spam emails to avoid detection. Since the image was uploaded in July, that logo was viewed more than 70,000 times until we reached out to TriNet, which removed the image, suggesting thousands of TriNet customers had received one of these emails. And, although the email contained a link to a TriNet website, the page that loaded had an entirely different domain with nothing on it to suggest it was a real TriNet-authorized site besides a logo, which if it were a phishing site could’ve been easily spoofed.

Fearing that somehow scammers had sent out a phishing email to potentially thousands of TriNet customers, we reached out to security researcher John Wethington, founder of security firm Condition:Black, to examine the email.

It turns out he was just as convinced as us that the email may have been fake.

“As hackers and self-proclaimed social engineers, we often think that spotting a phishing email is ‘easy’,” said Wethington. “The truth is it’s hard.”

“When we first examined the email every alarm bell was going off. The deeper we dug into it the more confusing things became. We looked at the domain name records, the site’s source code, and even the webpage hashes,” he said.

There was nothing, he said, that gave us “100% confidence” that the site was genuine until we contacted TriNet.

TriNet spokesperson Renee Brotherton confirmed to TechCrunch that the email campaign was legitimate, and that it uses the third-party site “for our compliance ePoster service offering. She added: “The Imgur image you reference is an image of the TriNet logo that Poster Elite mistakenly pointed to and it has since been removed.”

“The email you referenced was sent to all employees who do not go into an employer’s physical workspace to ensure their access to required notices,” said TriNet’s spokesperson.

When reached, Poster Elite also confirmed the email was legitimate.

How did TriNet get this so wrong? This culmination of errors had some who received the email worried that their information might have been breached.

“When companies communicate with customers in ways that are similar to the way scammers communicate, it can weaken their customer’s ability over time to spot and shut down security threats in future communications,” said Rachel Tobac, a hacker, social engineer, and founder of SocialProof Security.

Tobac pointed to two examples of where TriNet got it wrong. First, it’s easy for hackers to send spoofed emails to TriNet’s workers because TriNet’s DMARC policy on its domain name is not enforced.

Second, the inconsistent use of domain names is confusing for the user. TriNet confirmed that it pointed the link in the email — posters.trinet.com — to eposterservice.com, which hosts the company’s compliance posters for remote workers. TriNet thought that forwarding the domain would suffice, but instead we thought someone had hijacked TriNet’s domain name settings — a type of attack that’s on the increase, though primarily carried out by state actors. TriNet is a huge target — it stores workers’ benefits, pay details, tax information and more. We had assumed the worst.

“This is similar to an issue we see with banking fraud phone communications,” said Tobac. “Spammers call bank customers, spoof the bank’s number, and pose as the bank to get customers to give account details to ‘verify their account’ before ‘hearing about the fraud the bank noticed on their account — which, of course, is an attack,” she said.

“This is surprisingly exactly what the legitimate phone call sounds like when the bank is truly calling to verify fraudulent transactions,” Tobac said.

Wethington noted that other suspicious indicators were all techniques used by scammers in phishing attacks. The posters.trinet.com subdomain used in the email was only set up a few weeks ago, and the eposterservice.com domain it pointed to used an HTTPS certificate that wasn’t associated with either TriNet or Poster Elite.

These all point to one overarching problem. TriNet may have sent out a legitimate email but everything about it looked problematic.

On one hand, being vigilant about incoming emails is a good thing. And while it’s a cat-and-mouse game to evade phishing attacks, there are things that companies can do to proactively protect themselves and their customers from scams and phishing attacks. And yet TriNet failed in almost every way by opening itself up to attacks by not employing these basic security measures.

“It’s hard to distinguish the good from the bad even with proper training, and when in doubt I recommend you throw it out,” said Wethington.