PhishTitan Release Blog

July 2024

Threat Coach, TitanHQ's latest AI-driven feature, has a beta release!

Threat Coach

Threat Coach is an AI-driven feature to help you understand phishing emails. Powered by TitanHQ AI, Threat Coach analyzes incoming emails for sentiment, context, tone, and potentially malicious intent. Threat indicators are highlighted and explained so that you can learn more about the threats used in phishing emails.

Not all email categories are included for analysis in this beta release. As beta testing continues, additional categories will be included.

Go to Incidents and select the Resolved tab.
Select the incident you want to view, and from the Incident Summary page, select the Threat Coach tab.

June 2024

This month sees the release of PhishTitan Anti-spoof and a new Mail Flow page.

Anti-spoof

Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin. PhishTitan Anti-spoof is automatically enabled, meaning that manipulated display names are checked and if detected, an alert banner is added. You also have the option to disable it.

Both MSPs and Customers can access the Anti-spoof setting from PhishTitan > Configuration > Mail Flow > Anti-spoof.

New Mail Flow Page

To simplify things, all mail flow configuration settings have been consolidated, so you can quickly and easily manage how mail is processed before delivery.

Go to PhishTitan > Configuration > Mail Flow to find tabs for Remediation, Anti-Spoof, Allow List and Frequently Exploited Domains.

May 2024

We've added the Exploited Domains feature and updated the Incident Summary page.

Exploited Domains

Malicious actors frequently launch phishing attacks from free email services. With the Exploited Domains feature, admins have the option to apply a banner to email from free email services and alert users to be vigilant. Available on both the MSP and Customer layer, it can be accessed from the Configuration menu:

Go to PhishTitan > Configuration > Mail Flow > Frequently Exploited Domains. The feature is turned off by default. You just need to select the toggle to turn on alerts.
Select Save.

Updates to Incidents Summary page

The Incident Summary page has been updated so that admins can quickly find the information they need.

The top summary card has been removed and that information is now in the message view header.

The Actions dropdown menu displays contextual information to explain the available options.

Lastly, the layout is now in a two-column format, with the message view on the right and Reasons for Detection and URL Analysis on the right.

More in March 2024!

Responding to customer feedback, we've added Allow Domain and Reasons for Detection.

Allow Domains

An admin can now add a trusted domain to a customer level Allow List, making it easier and faster to receive email from known, secure domains. For customers delivering anti-phishing, suppliers usually provide a list of trusted domains allowing training emails to be delivered to a user's inbox without being caught by PhishTitan. Allowed Domains can be added from a number of places:

Go to PhishTitan > Configuration > Allow List and select the Domains tab, or -
Select the add allowed domain icon in the in the Incidents page, or -
Select Actions > Add Domain in the Incident Summary page.

Phishing Detection Reasons

We want to share the reasons PhishTitan considers an email as phishing to give more insight into an incident. This is particularly important for an admin reviewing a borderline safe email.

Go to PhishTitan > Incidents and view an incident. See the Reasons for Detection panel on the Incident Summary page.

March 2024

New layout, Auto Remediation and QR code protection is here!

Auto Remediation

With the introduction of auto remediation, an administrator can now decide the destination of malicious emails by selecting either manual or auto remediation.

With auto remediation, instead of risking exposure to malicious emails - even with banners - an administrator can choose to divert malicious email directly to the Junk folder, providing an additional layer of risk mitigation. Auto remediation:

Helps an MSP admin reduce the risk for customers and their users.
Enhances protection against malicious emails, especially for those who might overlook warning banners.
Go to PhishTitan > Configuration > Remediation

Sidebar Changes

We have moved things around in the side bar menu to help make room for some new things we're planning. While none of the functionality has changed, you will notice that some things are in a slightly different location than before.

Customers	An MSP admin can find all their customers conveniently located on a new Customers page.
License Usage	All your M365 licensing information is now on the License Usage page, previously the Usage page.
Settings	A new Settings menu is where you will find the Administrators page and at the customer level, the Connections page.

Simplified PhishTitan Menu

To simplify navigation, we have grouped all PhishTitan-specific pages together under one PhishTitan menu.

Overview	Previously the Dashboard page, Overview provides a summary of activity for all your customers, including emails analyzed, incidents and usage. You can also now select either a 7-day or 30-day view on the Overview page, allowing you to see a more focused view of your data.
Incidents	Previously the Threat Resolution page, Incidents is where you can manage and take action on reported incidents.
Configuration	This new sub menu is where you will find Remediation, Allow List (at the customer level) and Link Lock.
Notifications	Notifications page remains the same.
Reporting	Insights and Summary Report are now grouped under a single Reports menu.

Quishing Protection

QR codes have gained popularity, but they carry a significant security risk as fraudulent codes can redirect users to malicious websites that appear legitimate. PhishTitan now analyzes the URLs within QR Codes and will detect if they are dangerous.

In this section:

Platform

PhishTitan Release Blog

Search results