Email Protector is a Chrome Browser extension that helps you mitigate man in the middle, man in the email, as well as phishing and whaling attacks.

Georgi Spasov
25 Apr 2019
email-protector email

As we’ve already mentioned and discussed what phishing attacks are, and how are they planned in campaigns, how spear-phishing and whaling attacks rob hard-working people, just because hackers exploit the very human nature, now I want to shed some light on another problem – until now there was no single tool that could help you and protect you while you access and use your email daily.

Wouldn’t it be better to be more secure and know whether a message is coming from a legitimate source or is designed to trick you into opening the email and sharing your personal information or downloading a harmful file that could make your computer another node in someone else’s botnet? Email protector is a browser extension that mitigates phishing, spear phishing and whaling attacks. It is designed to protect you when you do your day-to-day tasks. Instead of wasting time validating email headers by hand, Email Protector does that for you.

What is Email Protector?

Email protector is a browser extension that gets installed… on your browser. Statistics show that the most commonly used browser is Google Chrome – that is why we designed the extension to be functional with that browser. The current release supports English, German and Bulgarian languages.

What does Email Protector do?

As a browser extension, you should give permission to the Protector to read the headers of the emails you receive. The extension will not touch any other line of text besides the email header. By scanning the header, Email Protector will find out if the email is coming from a legitimate source or not. If an email comes from a non-legitimate source (like the method used in this article), then the extension will inform the user about the maliciously crafted email. But what if the email comes from a legitimate source? Let’s say that you’re having a nice business conversation with businessmail1@gmail.com. You arrange payment information, exchange invoices and payment information and all of a sudden you get an email from businessmali1@gmail.com (mind the changed email name) or businessmail@gmali.com (the username remains the same, but the domain is changed). This is one of hacker’s favorite methods that trick you into believing that you’ve communicating with the legitimate person or entity. You can find a detailed article about this method here. We’ve included functionality that can protect you from those “misspelled” emails, regardless of the fact if the username or domain name was forged. You, as the user of the Extension, can “trust” specific email addresses – the ones that you know for sure are legitimate. You can do it by highlighting an email in the Chrome browser, right-clicking it and choosing “Trust email”. The email you have trusted will be stored in the memory of the extension, and you will see the email populate the list of “trusted emails”. The standard version of the extension includes one slot for “trusted emails”, while the premium versions include three, ten or unlimited supported “trusted emails”. That way, if you have trusted a specific email, let’s say business@mycompany.org, and you receive other emails from users such as busniess@mycompany.org or business@mycopmany.org, you will be notified about the fact that the email senders are not the same. This notification is going to be persistent whenever you open such an email, so that you are constantly reminded of the difference in the email names and / or domains. If you make an error adding an email, you can always remove the email from the list of trusted emails by clicking on it and then selecting “remove email” from the button below. Additional functionality includes the proactive prevention of phishing and spam campaigns by some domains. If a domain is used for malicious purposes, we collect the email address, which is related with the spam or phishing campaign, and proactively silently inform all Email Protector clients. Protecting yourself means protecting other as well. We take great care in not exposing any information whatsoever that could compromise anyone as an entity or an individual. That is why we do not collect any user-specific information. Security is something that should not be compromised on. Whenever there is a malicious email that you have received, Email Protector gathers the information, such as email user name and email domain (if the email is not spoofed), to inform other Email Protector instances across the globe for the existing threat. If the email is spoofed, Email Protector creates a local cache-like blacklist. This feature is user-centric and takes user security to a whole new level.

Who can benefit from email protector?

The extension is designed for day-to-day use by individuals and companies. If you’re using a browser and receiving 20+ emails daily, you’ll most probably not have enough time to go over email headers manually. That’s why we strongly recommend that you use or product. Just stay secure.

Can I use Email Protector on all email platforms?

Currently Email Protector is limited to abv.bg, mail.bg and Google’s gmail.com.

What are the supported platforms?

As a Chrome extension, currently the Email Protector could be installed on Google Chrome browsers, thus making it platform-independent (you can use it on Mac, Linux or Windows). In the near future, we will make the Extension interoperable with Mozilla Firefox as well.

Where can I download Email Protector from?

You can find the extension in the Chrome Web Store. It’s publicly available and free for use.

Is there a security training video?

Currnently not, but as soon as we upload it, everything will be uploaded here for easier refference.

Where can we report bugs or feature ideas?

You’ve got an idea or just found a bug? You can share it with us on the corporate email! (You can see it in the footer)


Georgi Spasov

Georgi Spasov

Georgi was the Bulgarian POC for high-tech crimes during his work as a cybercrime forensic investigator. Now, as a fullstack developer, he contributes with his knowledge in building highly available software solutions.

comments powered by Disqus

PhaaS Request Submission