96% of Companies Using Office 365 Show Signs of Active Hacking Entry
A recent analysis of 4 million Office 365 accounts revealed that 96% of companies using Office 365 show signs of active hacker movement within their company network. Office 365 has a security gap that attackers effortlessly exploit at will. However, there is good news. Almost every Office 365 breach begins in the exact same way, and TocMail's patented technology stops it. See TocMail vs Safe Links video below.
Microsoft is not alone. Leading cloud-based vendors have the same security gap. They are all fully bypassed in the exact same way — with an attacker sending an email with a cloaked link inside.
Cloaked links send benign content to security scanners, and only send their malicious content to intended victims. Therefore, when the email is analyzed by the spam filter, the spam filter only sees benign content. In other words, cloaked links only send harmful content after the emails have been approved and delivered.
For years, Microsoft advertised its cloud-based time-of-click service as protection against this attack. But cloaked links easily identify cloud-based time-of-click services. The malicious links simply use the visitor's IP address to do so. Cloud-based link scanners access links from different IP addresses than your company's computers. Even when cloud-based scanners use anonymous IP addresses, those addresses are still different from your company's IP address. Therefore, it is easy for malicious sites to use the visiting IP address to know when they are being accessed by a security service, or by an intended victim.
In order for this attack to succeed, companies need to be using a cloud-based email security service (with cloud-based IP addresses). In other words, not only have cloud-based time-of-click services not protected against this attack, but these services are the very reason that the attack exists in the first place. Cybersecurity vendors opened companies to this attack in order to sell their cloud-based email security services. Click to enlarge the infographic below.
The cloud-based scanners used by leading cybersecurity vendors are easily bypassed because they all have the same design flaw:
The scanner's last step is to hand control back to the cloaked link. The cloaked link then sends you anywhere it wants. That's how hackers routinely breach companies every single day. In fact, a recent study of 2,313 files on live phishing sites revealed that over 95% of the live phishing sites were using cloaked links. Cloaked links are literally the most-common, most-effective hacking attack; and every company that relies on traditional time-of-click services remains wide open to this most-common attack.
TocMail's founder invented an incredibly elegant solution to this leading cybersecurity problem. When TocMail's scanner deems the final destination to be safe, TocMail sends you straight to the final destination, not to the original link. Therefore, the cloaked link literally cannot take you somewhere else because you do not even connect to it. TocMail calls this solution "PhishViewer."
Traditional cloud-based scanners attempt to validate whether the original email link is safe or not. But TocMail sends you straight to the final destination, and therefore it does not matter if the original link is safe or not, because you do not even connect to it. The following video demonstrates how TocMail's patented PhishViewer solution overcomes the link validation design flaw found in traditional cloud-based scanners.
TocMail is a full-featured email app with PhishViewer security embedded inside.
'TocMail' stands for 'time-of-click mail.' TocMail is the only time-of-click mail capable of defeating the attack that professional hackers use to bypass other cloud-based time-of-click services.
Almost all data breaches begin in the exact same way, and now your company can finally avoid them. Your company can permanently block the vast majority of hacking in minutes, simply by using TocMail to access emails. Our solution to the leading cybersecurity issue is instant to deploy, simple to use, and uniquely effective.
Patented Protection for Attachments & Links - Phishing & Malware
TocMail 1.0 offered unparalleled protection against phishing and malware links in email messages. TocMail 2.0 extends this protection to links in attachments, and also produces malware-free replicas of PDF, Word and Excel attachments as well — 100% guaranteed. With TocMail 2.0, companies now have comprehensive protection for attachments and links, against phishing and malware. Finally, with TocMail 2.0, data breaches are no longer inevitable.
Although TocMail has many features, comprehensive protection is found in the combination of the following three core services:
Connecting to final destinations is explained in detail above. In this section, you will learn how to use TocMail's other core services to finally keep attackers from breaching your company's network.
Final Destination Owner ID
Traditional security focuses on the identity of the original email link. TocMail is different. TocMail shows the identity of the owner of the final destination. And if the owner is who you expect, TocMail takes you straight to the final destination so that you arrive at a site that is under the control of the approved owner. This combination works together as follows:
For example, PayPal is one of the most common sites that hacker's duplicate. Here's how TocMail's two-step process puts an end to this:
The following video shows how you can be safe, regardless of what the attacker's link decides.
No matter what the attacker's link decides to do, you can be safe every single time. Simply delete any emails where the owner of the final destination isn't who you expect. With TocMail, you never need to fear clicking email links again.
The vast majority of malware and phishing content is distributed through malicious links in email messages. However, some malware and phishing content is still delivered via attachments. With the release of TocMail 2.0, TocMail now protects against this attack vector as well.
When attackers deliver malware and phishing content via attachments, they typically use a PDF, Word, or Excel document to do so. TocMail now offers TocDocs to completely eliminate this attack vector. When you open a PDF, Word, or Excel document from an untrusted sender, TocMail displays an HTML replica of the document (not the document itself). This replica contains zero programming code, and zero macro code contained in the original document. By stripping the document of all its programming code, the resulting TocDoc is guaranteed to be 100% malware free.
The TocDocs also wrap the email links in these documents with TocMail's patented link protection - preventing attackers from using links in attachments to deliver phishing content as well.
The combination of TocMail's features provides full protection from phishing and malware, in attachments and links in email messages. Rampant data breaches are finally not inevitable. Simply read your emails through TocMail, and your company will have protection that cannot be found anywhere else.
PhishViewer Security Simply by Reading Your Emails with Our App
TocMail 2.0 introduced our new infrastructure based on Logical Server Units. Every company is assigned its own Logical Server Unit that is based on the email domain name. Each Logical Server Unit is determined by changing each '.' to '-' and adding .tocserver.com to the end. For example, the Logical Server Unit for mycompany.com is mycompany-com.tocserver.com. The Logical Server Unit for example.org is example-org.tocserver.com.
When you sign up for TocMail, TocMail creates a separate TocMail instance located at your Logical Server Unit address. You will be notified by email when your server instance is available. Then your company accesses its TocMail service directly from that address. Each Logical Server Unit also serves as a webapp, for instant integration with mobile devices.
TocMail currently costs only $3 per email address per month for business accounts, and $5 per month for individual accounts. However, TocMail does offer a free 30-day trial via FastMail. Simply sign up for FastMail's free 30-day trial, and login to your FastMail account at the FastMail Logical Server Unit address: fastmail-com.tocserver.com.
For immediate assistance, please visit our support center to submit a ticket. For all other inquiries, contact our corporate office below.
3901 NW 79th Ave
Suite 245 #873
Miami, FL 33166
Security and Privacy by Design
TocMail Inc. considers your privacy equally important to your security.
TocMail's core email functionality is built upon the open-source RoundCube platform. This secure email platform has been commercially stable for over a decade, and millions of users currently access their email through RoundCube. To the best of our knowledge, RoundCube doesn't transmit any tracking information to outside third parties.
TocMail's webapp stores the following in our company's internal databases: the IP address of your first login, the IP address of your last login, first login time, last login time, and number of failed logins. We use this information to protect your account against others who may try to access your account.
Caching of your email contents by the TocMail app is done in a secure manner. All caching is done by our proprietary Turbo TocSwitch (which enables our webmail to provide access speeds comparable to native apps). In-memory caching persists for as long as the Turbo TocSwitch is operational; however, in-memory caching is quite secure. On-disk caching is temporarily used for outbound messages. Outbound caches are deleted the moment emails are delivered, resulting in most caching lasting a fraction of a second. Companies that require additional compliance or security measures can take advantage of our Bring Your Own Server program, allowing them to operate TocMail servers on-site in any manner they choose.
Our company hasn't added any cookies or tracking to our website. However, our website has been constructed using a CSS framework developed by W3Schools. It's possible for this third party to know when you access this site as its resources are downloaded to your browser.
TocMail Inc. only retains your phone number for identity verification purposes when logging into TocChat. We do not sell nor use your phone number for any other reason.
TocChat uses SendBird's messaging infrastructure. SendBird stores the chat exchanges until the respective channels are deleted. In the near future, TocChat will be offering total encryption (both end-to-end and at-rest). With the release of this version, neither SendBird nor TocMail Inc. will have access to any unencrypted forms of your transmissions thereby guaranteeing complete privacy in all respects.