Innovative anti-phishing app comes to iPhones

We’re always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated, but what if our email app warned us before we clicked malicious links?

Can this app offer you protection?

MetaCert isn’t fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defence against clicking on malicious links received in email messages.

The solution emerged from the developer’s earlier work building an API to help app developers add a layer of security to WebView.

It relies on two principal databases which are regularly updated:

  • An extensive collection of known phishing email addresses
  • A collection of known addresses for the services phishers often like to spoof, places like PayPal, online retailers, banks and so on.

In future, the company will implement blockchain technology across its systems. That’s an essential step which should enable users to verify that websites and emails flagged as threats actually are threats, rather than items accidentally added to the phishing warning lists.

How it works

What happens when you receive an email is that the system will check the message against its databases.

It will then flag links inside your emails as follows:

  • A red shield warns the link goes to a known phishing site.
  • A grey shield states it is unrecognized.
  • A green shield means the link should be safe to use.

If you do accidentally click a recognizably malicious link you will be taken to a warning page before you reach the bad website.
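The list lookup and three-colour flagging described above, as an added example that is not MetaCert's code. It assumes the two databases can be treated as sets of domains; the list contents, function names and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lists (assumption: the real databases are not shown on this page).
KNOWN_PHISHING = {"paypa1-login.example", "secure-update.example"}
KNOWN_GOOD = {"paypal.com", "example-bank.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def host_of(url):
    """Return the lowercase hostname, ignoring userinfo, port and trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def in_list(host, domains):
    """True if host is a listed domain or a subdomain of one.

    Whole-label suffix matching: 'www.paypal.com' matches 'paypal.com',
    but the lookalike 'paypal.com.evil.example' does not.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def shield(url):
    """Map a link to the article's three states: red, green or grey."""
    host = host_of(url)
    if not host:
        return "grey"
    if in_list(host, KNOWN_PHISHING):  # blocklist is checked first
        return "red"
    if in_list(host, KNOWN_GOOD):
        return "green"
    return "grey"  # unrecognized, which is not the same as safe

def flag_links(body):
    """Extract every http(s) link from a message body and label it."""
    return [(url, shield(url)) for url in URL_RE.findall(body)]

# Constructed message body for illustration.
SAMPLE = (
    "Your account is limited: http://paypal.com.secure-update.example/login "
    "or visit https://www.paypal.com/signin or "
    "https://paypal.com@unknown-host.example/reset"
)

if __name__ == "__main__":
    for url, colour in flag_links(SAMPLE):
        print(f"{colour:5} {url}")
```

The third sample link shows why the hostname must be parsed rather than searched for as a substring: everything before the `@` is userinfo, so the real destination is the unlisted host and the link stays grey.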

There is a downside to how the app works which most users must be certain they understand: in order to work, the system must analyse your emails, which means messages must pass through MetaCert’s servers.

This process means you must give the service permission to handle your messages and (on iOS devices) you will be required to create an application-specific password that gives this software permission to access and analyse your messages.

The company says it doesn’t store your emails, but permitting third party access in this way may be a red flag for some potential users, particularly in regulated industries.

There are other solutions that provide anti-phishing protection, such as those from Avira (which costs a few dollars each month). MetaCert is currently available for free, but it is planned to become a paid service.

Why it makes sense

Phishing attacks are becoming far more sophisticated, targeted and professional, with c.76 percent of enterprises admitting to experiencing them in the last year.

You can’t be completely reliant on services like these.

Common sense matters: just because your security system tells you something is safe doesn’t mean you should abandon your own scrutiny.

A grey shield alert doesn’t necessarily mean a link is safe; it means you should double check the link before you click.

Final thoughts

The security environment continues to become more complex for both enterprise and consumer users.

Traditional security protection systems such as virus checkers and firewalls are still mandatory but are far less effective against the complex attack scenarios prevalent in today’s digital economy.

When it comes to enterprise security, network monitoring, location-based protection and cooperative sharing of security-related datasets are becoming key components of switched-on 24/7 situational awareness security protection systems. Within this landscape, MetaCert’s system seems a useful adjunct to existing systems.

I imagine we’ll see this kind of alert-based security system become a component of future operating systems, certainly within those from vendors that actually care about customer security, and privacy, come to that.

On iOS, this new solution works with most email services including Thunderbird and Apple Mail, with Outlook and Gmail support in development. The company is running a public beta test here so you can test this system for yourself.
