SL2Z beta

SL2Z is a cloud service that enhances the email security and web privacy of its users by contextually training and warning email users directly in their email client, and by helping users to improve their privacy settings on popular social media platforms.

The cloud service uses a browser extension to detect supported email providers, and to use client-side code injection to surface potential email threats directly in line with the email content, training users to avoid malicious content, and offering report buttons to leverage human intelligence to improve detection. In this prototype, the malicious content will be simulated. In the final product, detection will be applied to all emails and will help the user avoid real phishing scams.

Feature: Spotlight Risky Content in Email (Simulated)

We will use a Chrome browser extension to identify email simulations, and highlight areas of concern such as sender/domain lookalikes, suspicious messaging asking for information, poor grammar, or risky attachments such as HTML or executable files. These areas of concern will be spotlighted by the browser extension, and the user will be asked to take action. These actions will include: Reporting the message to Google or clicking the "Report" buttons directly next to the area of concern. These report buttons will be injected by the browser extension and will only appear during a simulation.

Feature: Threat Simulation Content With heavy input from an industry expert, we will create a small library of 10 phishing simulations to test the user's reaction. These simulated attacks will be used to demonstrate the capabilities of the Spotlight feature (above), and also to train users to avoid phishing attacks and other scams.

Feature: Gmail Best Practice Configuration

The application will read the Gmail settings of the authenticated user, and determine if risky configurations exist, such as Forwarding rules, IMAP settings, and risky authorized apps with Gmail API access.