Visible security with each email

Identifying threats and fraudulent emails couldn’t be simpler with PERNIX and CORVID's
email protection banner.

Can you spot the phish?

With PERNIX, CORVID's email protection service, you don’t have to. Our simple traffic light indicators gives you the ability to validate email authenticity and make an informed decision. Over 20 different fraud detection and content checks are carried out by the cloud solution, using up-to-the minute threat intelligence, before filtering the email with the appropriate email security through to your users’ inboxes.

EP-ipad-email-greenbannerEach inbound email will be scanned through the system and those which are safe will display the green banner. The system uses adaptable learning to recognise normal user behaviour and, over time, will build up a list of safe senders that you correspond with.

The following are common examples of phishing and business email compromise scenarios where the CORVID banner can help you easily identify malicious activity which could otherwise go unnoticed. Click for an example of:

  1. Domain impersonation
  2. VIP impersonation
  3. Reply redirection
  4. Malicious attachment
  5. Spam

Please note: the following names, businesses, email aliases and incidents are fictional. The CORVID banner examples are true representations. 

1. Domain impersonation

David has received an email appearing to come from the group IT department asking him to click a URL to complete a mailbox upgrade.

The email looks genuine and at a quick glance resembles the group domain. It addresses him directly and the content applies a sense of urgency, as without action he will be negatively affected.

The email doesn’t have any attachments that could indicate a malicious payload. Would you be tempted to upgrade?




You can see the sender’s email address isn't what it appears to be. Fraudsters subtly misspell domain names to trick users into thinking they are from a genuine source – attack methods like this are undetectable to the naked eye, but CORVID's email protection banner displays it clearly.

This particular email has been received from an internationalised domain name (IDN), which means the sender’s email address includes special characters (Unicode) or those from language-specific scripts such as Arabic, Chinese or Hebrew.



2. VIP impersonation

Olivia has received an email from her CEO (Emma) asking her to help resolve an urgent financial solution.

Olivia works in the finance department and this type of situation is very common. The email is short, personable and appears to be sent from a mobile device, giving the impression that Emma is offsite and unavailable.

The particular details about sitting with a customer applies that she is unable to take calls, and the word ‘urgently’ implies immediate action.

If you were Olivia and this was part of your day job, would you reply to your ‘CEO’ with the information required to line up a payment?




The sender’s details don't match the VIP details saved in Email Manager for Emma Wilson. There is a strong chance this email is from a fraudster impersonating your CEO.

You can save/edit a number of VIP names and email aliases in Email Manager.

Due to the number of checks PERNIX carries out, it is common for the banner to indicate a number of issues, as seen in this example. The banner's warning line will display all that apply.


3. Reply redirection

Lucy works in procurement and has received an email from one of her suppliers asking her to update their account details for future payments.

The request looks genuine and that it is sent from the legitimate supplier. The message is professional, and in the same style and tone as normal email exchanges.

Wouldn’t it be easy to send a quick reply requesting the new details?




Clicking 'reply' will send your email to a different email address to the one displayed here. This is a redirection technique used by marketing emails as well as attackers.

As the email appears to originally come from a trusted individual, you shouldn’t reply to this thread – use another channel for correspondence instead.

For full email diagnostics, simply click ‘View email info’.


4. Malicious attachment

The communal ‘sales’ alias receives an email from a shipping company with an attachment referencing a delivery.

The message is short and doesn’t include any specific details regarding the delivery; therefore curiosity could easily lead to one of the members clicking the attachment.

Would you be enticed to find out what this delivery note is referring to?




Malicious attachments will never reach your inbox – they're quarantined in Email Manager for your safety. You'll receive this notification, so you know we've blocked a potentially malicious email.

Once installed on your machine, malware – also known as ransomware, viruses or spyware – can be used to access sensitive information such as bank account details and personal data, or deny you access to your files unless you pay a fee.


5. Spam

Every day, the shared ‘contact’ inbox is flooded with marketing emails, unrelated or fake sales promotions, sales cycle updates and prospect enquiries.

The majority of ‘spam’ emails are easy to identify, but the volume and frequency are causing a burden. It is becoming increasingly difficult to filter through the mailbox and spot the legitimate emails which require action.

If there was a way to stop spam from reaching you in the first place, would it help improve productivity?




We identify spam emails so you don't have to – these emails are blocked and held in Email Manager. Depending on your settings, you'll receive daily/weekly/bi-weekly notifications of all the emails that have been blocked. You can then view and release any emails which are legitimate and require action.

However, if our checks identify that the spam email also contains malicious content (such as malware), the email is held in quarantine and can only be released by a domain administrator.