Scanning Email URLs with TokaiMail

URL scanning is the prime reason we developed TokaiMail. We notice that a lot of users did not know how to handle suspicious emails and especially emails where the call to action is “click on this link”.

Some of the phishing or botnet emails can look extremely real. If one of your vendors or customers gets infected, the botnet will take control over the user mailbox and start sending emails out. The recipient receives an email from a legit mailbox that is not flagged as *SPAM* because this email transits from the corporate email server with legit credentials. This email can include an attachment or a link to click to a phishing page or a website inviting you to download an infected attachment.

When the email headline is “Purchase Order” or “Invoice”, it can be very enticing to open it. End users are often very conflicted between the risk of getting infected and the risk of getting blamed for not processing an important email.

In a small company where everyone works close to each other, users will easily talk to each other, ask opinions, advice when it comes to emails. If you are lucky to have a tech-savvy person in your team, it can be helpful to forward him the email and ask him to look into it, run some checks and give you his honest opinion.

This kind of check can be time-consuming if they happen too frequently. That is why we strongly believe it is crucial to train the users to make these checks by themselves, to be able to recognize suspicious emails and dismiss them without any external help.

It could be tempting to take the easy street and implement a very strict email policy to rule out any human error. This is a valid choice but it can also generate a lot of false-positive which could be lost business opportunities. I strongly believe that the best path is to train and educate the users to recognize and classify emails by themselves. It is harder but ultimately rewarding.

TokaiMail URL Scanning

We have spent a lot of time trying to find the right solution for our URL scanning engine. We were hesitant to build our own and finally decided to go with an industry-leading solution: Google Web Risk. Google has without a doubt the biggest experience with website referencing, plus it runs a very successful email service that implements natively the same solution.

Google Web Risk is a Cloud service that enables TokaiMail to check URLs against Google’s constantly updated lists of unsafe web resources. Unsafe web resources include social engineering sites—such as phishing and deceptive sites—and sites that host malware or unwanted software. Web Risk includes data on more than a million unsafe URLs and stays up to date by examining billions of URLs each day.

Every time a TokaiMail user attempts to scan links, our tool queries Google Web Risk and returns the threat type.

There are three types of threats that could be flagged to the end-user.

Malware

Malware stands for malicious software. It is a generic term that includes any malicious program or code that is harmful to computers.

The malware aims to take control, damage, or disable computers, computer systems, networks, tablets, and mobile devices.

Social Engineering

The term social engineering refers to methods employed by hackers to obtain the trust of an end-user so that the hacker can retrieve information that can be used to access data or systems.

Unwanted Software

Unwanted softwares are programs that impact the Windows experience without your consent or control. This can take the form of the modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to Windows settings.

Using TokaiMail Outlook Add-In, end users can detect these threats in the email within seconds. TokaiMail shines by its simplicity, you are just a few clicks away from finding out if the email you received is malicious.

TokaiMail philosophy is to put the user at the center of the threat mitigation process and as such we have made the choice to not include any sort of automation or AI in our software. All the features are accessible manually for the user. Using the software is part of the learning process. Every time, TokaiMail flags a new email for you, you become more proficient at detecting potential threats.

So far, there is no IA that can replace the human mind and we like to keep it that way.

Ready to give it a try? Buy Tokaimail Outlook Security Add-In now!

We also provide volume discounts upon request. Feel free to contact us.

Latest posts by Mathieu Ploton (see all)

Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart