The verification feature is an identity management feature to prevent spoofing attacks. 

 

How does it work?


Hotshot Addresses

 

In Hotshot, messages are delivered to your Hotshot address. Hotshot addresses are public; you can share them with anyone for any reason. 


If you verify you are using the correct addresses, then messages will be secure, private, and authenticated (unspoofable). 


Verifications for Users 


If you are a user that has been invited to join a team on Hotshot, it is good practice to verify the address of the person who invited you. The person who invited you is your administrator. 


To verify your administrator's address, click on the "verify admin" link in your list of contacts - it appears directly to the right of your administrator's name. Once you have clicked the link, confirm with your administrator that the two of you are seeing the same Hotshot address. Tip: it is easy to do this on the phone or in person.


That's it! Once you have authenticated your administrator, your list of contacts will soon be updated to include blue "verified user" checkmarks for all of the other users on your team that your administrator has also verified. 


You only have to do this one time.


Verifications for Administrators 


If you are a team administrator, it is good practice to verify the addresses of the users you invite to join your Hotshot team. Verifying users ensures that an attacker was not able to intercept the signup tokens that our server sent before your intended recipients used them.


To verify a user's address in your list of contacts, click on the pencil icon next to their name and scroll to the "Verification" settings. Next, confirm with the selected user that the two of you are seeing the same Hotshot address. Tip: it is easy to do this on the phone or in person.


After a user is verified they will receive a blue checkmark next to their name signifying to everyone in your team that you have verified this user's address (and therefore identity). 



Why use it?


A very common attack hackers perpetrate against individuals and companies involves "spoofing" user identities.


Spoofing is when hackers imitate a person or company by making their website, email address or even caller ID appear to be coming from the legitimate source. Spoofing has become so common that it is unwise to simply trust the "to" and "from" fields in emails as well as in many other popular messaging apps. 


According to a report released by the FBI on 4/4/16, email-based spear-phishing and spoofing scams have cost US businesses more than $2.3 billion in losses in the past 2.5 years alone. Hotshot aims to solve this problem for you by providing an optional but powerful and easy to use built-in user verification feature which cannot be spoofed. 



Questions? Concerns? 


We're happy to help, you can reach out to us anytime!