TORPEDO - Add-on to support users in detecting phishing e-mails
Phishing is a method fraudsters use to defraud or harm you. They send you phishing e-mails, i.e. messages containing malicious links. To detect phishing e-mails effectively, you therefore need to carefully check the web address (also called URL) behind each link. TORPEDO (TOoltip-poweRed Phishing Email DetectiOn) helps to expose malicious links in phishing e-mails so that you can recognize the fraudsters' attempts to deceive you. It exists as an add-on for browsers (Chrome, Firefox) as well as for the Thunderbird e-mail client.
TORPEDO displays the destination URL (web address) in a dialog box (a tooltip box) when you hover over a link with your mouse. The tooltip highlights the so-called domain of the link because this is the only relevant part to be used when you decide whether the web address is legitimate or not. There are four different colors depending on the potential security risk (green, blue, gray, red).
A green frame means the domain (highlighted part) is classified as low-risk by the developers of TORPEDO, and used daily by many web users.
If the frame is gray, the domain should be checked carefully before you click on it, because the link could be dangerous. TORPEDO delays activation of the link to give you time to check it. You have to wait three seconds before activation. You can click on "more information..." for more information any time you see one of these warnings.
A blue frame means that you have indicated that the URL is low-risk, because, since you installed TORPEDO, you have clicked on a link in e-mails with the same domain at least twice.
The frame is red when incongruities occur, for instance when the URL displayed in the e-mail does not match the actual target URL and the domain is unknown to TORPEDO. You should check the domain very carefully in this case.
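The four frame colors described above can be written as one decision function. This is an added example, not TORPEDO's own code: the lists, `domainOf`, `domainInText` and `classifyLink` are hypothetical names, the sample domains are constructed, and taking the last two host labels as the domain is a simplification.

```javascript
// Constructed sample data standing in for the add-on's lists (assumptions).
const TRUSTED_DOMAINS = new Set(["example.org"]);        // developers' low-risk list
const clickCounts = new Map([["intranet.example", 2]]);  // user's clicks per domain since installation

// Simplification: treat the last two host labels as the domain.
// A real check needs the Public Suffix List (e.g. for "co.uk").
function domainOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split(".").slice(-2).join(".");
}

// Domain named by the visible link text, or null if the text is not a web address.
function domainInText(text) {
  const t = text.trim();
  if (!/^(https?:\/\/|www\.)\S+$/i.test(t)) return null;
  try {
    return domainOf(/^https?:\/\//i.test(t) ? t : "http://" + t);
  } catch {
    return null;
  }
}

function classifyLink(href, linkText) {
  const domain = domainOf(href);          // the part the tooltip highlights
  const shown = domainInText(linkText);
  const trusted = TRUSTED_DOMAINS.has(domain);
  const userTrusted = (clickCounts.get(domain) || 0) >= 2;
  const mismatch = shown !== null && shown !== domain;

  // Red: displayed URL differs from the target and the domain is unknown.
  if (mismatch && !trusted && !userTrusted) return { domain, color: "red" };
  // The page does not say what happens on a mismatch with a known domain;
  // this example assumes the list color applies.
  if (trusted) return { domain, color: "green" };
  if (userTrusted) return { domain, color: "blue" };
  return { domain, color: "gray" };       // unknown domain: check before clicking
}
```

A link whose visible text reads `www.example.org` but whose target is `http://example.org.login.test/a` is classified red here, because the highlighted domain is `login.test`, not `example.org`.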
Settings: You can tailor TORPEDO via the settings. You can customize the activation delay, setting how much time you need to check the domain before the link is activated. You can also decide whether this delay should apply to the domains classified as low-risk as well.
You can also decide whether TORPEDO's list of low-risk domains is correct. You can also personalize your low-risk domains: these will be activated immediately.
Furthermore, you can decide whether you want to use the predefined list of domains that the developers of TORPEDO have classified as trusted. You can also edit your personal list of domains ("User-Domains"). This list consists of domains that you have clicked at least twice.
- Browser: You can download TORPEDO for Chrome here. For Firefox, please use this link.
- Thunderbird: You can download TORPEDO directly in Thunderbird.
Due to major changes in the Thunderbird email client we are still working on an update.
Currently we have a TORPEDO version working for the Thunderbird Beta 87.0b3 and above.
You can download the TORPEDO Beta here and the Thunderbird Beta 87.0b3 here.
We are happy to receive any feedback at torpedo(at)secuso.org
- If you are interested in the source codes of the add-ons, you can find them at GitHub (Thunderbird, Chrome/Firefox).
- User experiences of TORPEDO: TOoltip-powered phishing email DetectiOn: Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, Alexandra Kunz. In: Computers & Security, February 2017
- TORPEDO: TOoltip-poweRed Phishing Email DetectiOn: Melanie Volkamer, Karen Renaud and Benjamin Reinheimer. In: 31st International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2016, June 2016.