
Joe Security's Blog

React faster to suspicious E-mails with Mail Monitor

Published on: 13.05.2024



In today's threat landscape, companies employ various solutions to protect against phishing attacks. Ideally, phishing emails should get detected and blocked by those solutions and never reach an end user's inbox. 

But there are always new phishing campaigns which employ novel methods such as embedded HTML files and multi-stage approaches. So, unfortunately, there will always be emails which make it past the protection. It is then the end user who is the last line of defense.

Here is an example of a type of email which users currently often receive:




Many end users will be unsure what to do with this kind of email. Ideally, they should know immediately how to report this email and find out if it is legit or yet another phishing email. 

So how can you make it easy for them to report those emails?

This is where Joe Sandbox Mail Monitor comes into play. It provides you with a custom email address to which users can forward suspicious emails. 
The contents of the email will then be analyzed automatically by Joe Sandbox, providing a well-founded verdict and deep malware analysis reports.

Your SOC will be instantly notified about these submissions, and receive further notifications on the detection as well as links to the analysis reports. 

Here is an example of such a notification, relating to the email above:




Configuration options


In addition, Joe Sandbox lets you customize many aspects of the Mail Monitor feature, such as:
  • Input filtering: Define file extensions and URLs which should not be analyzed
  • Notification recipients: You can configure who should receive these notifications, including the user who forwarded the email.
  • Notification events: Define for which events notifications shall be sent (e.g. only for malicious results)
  • Email layout: You can add your own company's design to the emails.
  • Screenshots: Analysis screenshots can be included in the notification emails as well.  
Here is a screenshot of the full configuration panel:



Reports


When receiving a new notification, SOC experts can follow the links in the notification to the Deep Malware Analysis reports and learn more about the details of the sample and its dynamic behavior, e.g.:




Here is a very nice example of a report for a phishing email we analyzed recently:


Overview


Here is a graphical overview of how it all works together:



To summarize, Joe Sandbox Mail Monitor is a tool that enables your end users to easily report suspicious emails and submit them for automated analysis to Joe Sandbox. 
You can integrate Mail Monitor into your existing workflows and achieve faster detection of and reaction to novel threats, stopping phishing campaigns before they can wreak havoc.

If you are already a Cloud Pro customer with a Windows or Ultimate account, you can directly try out Mail Monitor and explore all the options it offers.

Would you like to try Joe Sandbox? Register for a free account on Joe Sandbox Cloud Basic or contact us for an in-depth technical demo!