STOP PHISHING LINKS EVERY TIME

95% of all company breaches begin with an email phishing link. Fortunately, almost every phishing site uses the same technique to bypass cloud-based security. The moment you learn how phishing sites are bypassing your protection, you can finally stop them — every time.

Even if your current security provider claims to protect you from this technique, it is important to read to the end. This technique has been bypassing cloud protection for more than a decade. It is the reason phishing attacks continue to escalate year after year.

How Phishing Links Evade Detection

Nearly 100% professional phishers use the same technique to bypass detection. They program their links to send clean content every time security services connect to them. The attackers' links only send the harmful content when the intended victim connects. In this way, security services approve their links. Victims are then harmed by content that the security services never saw.

Phishing links typically do this by using redirection. In other words, the attackers' links redirect security scanners to a clean site (such as bankofamerica.com); and they redirect intended victims to the phishing site.

If your company relies on cloud-based time-of-click protection then you are likely vulnerable to this attack. The attack succeeds because the time-of-click service analyzes a clean site and then sends the user somewhere else — to the original email link. Sending users to a different site than the one that the security service analyzed is a serious design flaw. If the security service sends users straight to the clean site — straight to the site it analyzes and approves — then users stay safe every time.

TocMail patented the outside-of-the-box method of sending users straight to the approved site — bypassing the original email link altogether. Since the user never connects to the email link, the email link cannot send the user somewhere else.

How TocMail Works

If the final site is a known good site: TocMail automatically sends its users straight there. This is one half of TocMail's patented solution.

If the final site's reputation is unknown: TocMail shows the user the name of the owner of the final site — not the owner of the original email link. If the owner is who the user expects, the user can approve the link and TocMail sends the user straight there. Otherwise, the user deletes the email remaining safe; as only TocMail's servers connected to the final site — not the user. (See Demo below.)

Eliminate Credential Phishing

TocMail's solution stops a specific type of phishing often called phishing for credentials. Credential phishing is the specific type of attack that can finally be eliminated — 100% of the time. (See Catch-22 below.)

Importantly, up to 95% of data breaches begin with credential phishing. In other words, with TocMail's patented solution, you can eliminate 100% of credential phishing attacks — reducing your risk of being breached by up to 95% at the same time.

How To Know If You Are Currently Protected

You can know whether your current cloud-based time-of-click service is actually protecting you or not. Notice in the first diagram that both the scanner and user connect to the email link. But in the second diagram, only the scanner connects to the email link — the user does not. If your cloud-based time-of-click service is always sending your users to the original links in their emails then your company continues to be exposed to this common attack. In this case, a data breach is inevitable.

If your company has already suffered a breach, there's a 95% probability that this is how it happened. In other words, if you want to reduce your risk of getting breached by up to 95%, just add TocMail's solution on top of your current time-of-click service. With TocMail, you can finally close this often-exploited security gap — for as little as $1 per user per month.

Considering that 95% of breaches begin with this specific attack, TocMail's solution offers the greatest cybersecurity impact to price ratio on the market.