QuIPS: Question an email with IPS

Fast, personal, expert guidance an individual does not otherwise have easy access to! Try it now – send any suspicious email to quips@ipsemailhelp.co.uk and learn from the information that comes back.

Every IPS member receives a lot more spam emails than they would like.  Precise Security estimates that 55% is of the world’s 300bn daily emails are unwanted spam – including all the scam, phishing and fraudulent emails that IPS writes about regularly.

Many well-meaning public bodies encourage us to forward suspicious emails to them to help better protect the UK from Spam and Scam.  The problem is that they do not offer any personal guidance about what to do with the specific email that made you suspicious.

IPS Solution

IPS have created QuIPS, a unique email guidance tool to support our members when they receive an email that doesn’t feel quite right and have to decide:

“SAFE to click or should I DELETE it?”

QuIPS sends back intelligent guidance in minutes to help you decide.  We will share our red alerts with you AND the public authorities.  We protect you and do our bit for protecting the rest of the country.

Access to QuIPS

  • Everyone can use the tool 3 times per month free of charge
  • Every IPS 360 Protect member can use the tool 50 times per month as part of their subscription

What QuIPS does

1 – QuIPS takes each email (forwarded to quips@ipsemailhelp.co.uk) and strips it down to its individual components.

You will be astonished to learn how many weblinks (or URLs) there are in most email marketing campaigns. It is not uncommon for there to be 40+ links in even the simplest looking email – many of them hidden from plain sight. These links include tracking and monitoring links which are used by many legitimate senders.

2 – QuIPS analyses the origins of each internal component of an email against a global list maintained by the respected provider IPQualityScore (IPQS) who are a leading manager of global, real-time fraud alerts.

We check each component against the IPQS benchmark score for malicious URL detection.

  • If the URL scores a 100, it is confirmed as an unsafe risk. This takes into account factors like the original sender, their domain, their IP address and their geography
  • If the URL is associated with a source of malicious phishing email content a flag is raised
  • If the URL is associated with senders of malware or viruses a flag is raised

All of these checks are carried out in seconds against a growing list of offenders that is updated every 24-48 hours

3 – QuIPS combines all that intelligence to decide which of three states the email shoud be assigned

We automate the calculations and send our users back an informed response within minutes. QuIPS provides you with expert guidance that an individual does not have easy access to.  A Safe response is shown below.  Read FAQ 1 to learn what they all mean

How to Use QuIPS

Watch the video to see QuIPS in action as it quickly returns expert advice.

Frequently Asked Questions

SAFE

We did not find any suspicious responses to our questions and there are less than 15 links within the email. Go ahead and interact with it

SAFE BUT WITH CAUTION

We did not find any specific malicious URL links within the email, but we draw your attention to the fact that there are OVER 15 links within the email itself. We believe it is important that we raise the profile of this issue by showcasing just how many links there are. More links means a slightly higher risk profile. This is usually an indication that it is a mass mailer but is usually safe to interact with. We call out the likely scenarios in the guidance for that email.

DELETE AND DON’T CLICK OR SHARE

We found evidence that one or more of the links is associated with a malicious source and we want users to take maximum precaution by deleting the email. Don’t click any links or buttons as you could activate another process, a software download, be directed to a fake website or confirm some details to a scam. Don’t share it with friends who then face similar risks.

We will take a record of each instance and eventually share with Action Fraud. For now we invite you to forward any of these types of emails to report@phishing.gov.uk
This is a non-personal service, but is the official phishing email reporting address for the UK.  They do not reply with individual advice to senders, but they assure the public that they review every email sent.

Most emails contain embedded links which the human reader does not see when we open them. Email is formatted by the email client provider to be reader friendly, so links which are not needed by the reader are hidden from view.

The embedded links that you don’t see are used for multiple purposes. These include help with navigation to other sites, keeping track of actions, and checking referrals and permissions. Most of the time these embedded links are perfectly safe and pose no risk to the recipient.

However, these links are sometimes designed and placed in emails for less innocent reasons.

Scammers with malicious intent introduce new links – or corrupt harmless links – below benign looking text or images to route the user to a fake or dangerous site, used to exploit the user. Some of their criminal activities include gathering personal and confidential information from the user, making the user pay for services which they did not intend to – or luring the user to download malware.

A more in-depth analysis can be accessed here:

We check to see if the server sending the email has 100% compliant DMARC records.

This is a global technical standard that demonstrates a secure status. Many institutions do go to the trouble of attaining this status – but a surprising number do not. We think it is important that you know.

For those without the status, they are more vulnerable to being spoofed or impersonated by scammers. It is not a sure sign that they will be and should not affect your decision to engage with it.

For anyone interested in learning about DMARC records visit

SPF is an email authentication method designed to detect where a sender address has been forged during the delivery. It is used in combination with DMARC  to detect the forging of the visible sender in emails, a technique often used in phishing and email spam.

SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorised by that domain’s administrators. The list of authorised sending hosts and IP addresses for a domain is published in the DNS records for that domain.

DKIM is a check we run that allows the receiver to check that an email claiming to have come from a specific domain was indeed authorized by the owner of that domain. This is done with a digital signature, linked to a domain name, and attached to each outgoing email message. The recipient system can verify this by looking up the sender’s public key published in the DNS

It is a possibility that your email provider does not use the TLS (or Transport Layer Security) protocol that is used by the majority of modern providers (including Gmail and Outlook).  That means QuIPS will reject the email, because it is set to only receive from providers who do. There may be a good reason for this setting as you may be sending from a business address. Try and forward to another email account you use and see if that sends successfully.

We can detect that you have an attachment but haven’t yet developed our own functionality to analyse it. That is coming shortly. For now you should remember to treat any attachment with suspicion if it comes unexpectedly from an unexpected source. Attachments from scammers can be disguised to look like something innocent, when they are actually something more malicious once you click, open or download.

QuIPS should be viewed as a useful tool to check against and receive quick personal guidance. As with any email spam detection tool, it can never be 100% accurate. If you are very unsure about an email, err on the side of caution. You can double check it is legitimate with the sender directly using details from their own website, rather than any contact details found within the email.

IPS can provide no representations, warranties or guarantees, that QuIPS is accurate, complete or up to date enough for members to rely on exclusively.

QuIPS works best with personal email addresses like @gmail and @hotmail.  ​Some company email clients, have security settings which strip out all of the styling, colour and design elements to leave plain text only.

You can still read the text and act on it, but you won’t get the full effect we designed.  Highlight any text you can’t see as your background email colour setting might make it hard to read otherwise.  Ideally, stick to your personal email account to make best use of QuIPS.