ThouShaltNotClick — Phishing Protection & Training

Catches phishing in Gmail and Outlook. Real-time link analysis, breach alerts, and in-context security training.

v1.9.64 — Major reliability + protection update 🚨 NEW: Account-takeover detection on verified senders. When a "trusted" sender's account is compromised and starts sending classic scams (gift card requests, wire fraud, urgency tactics), the trust badge no longer overrides to green — it surfaces a clear "verified sender + scam language detected — possible account takeover" warning. 🛡️ NEW: Master vault control syncs every 5 minutes. When your admin disables the password vault platform-wide, all browsers see the change within minutes instead of next login. Plus defense-in-depth gates so stale browsers can't leak save prompts. 🤖 IMPROVED: AI Email Analysis now shows specific failure reasons ("Daily AI limit (10/day)", "Sign in to use AI", "Session expired") instead of generic "Failed". When AI scores under 30, the email is queued for your admin's review rather than silently dropped. 📋 NEW: Trust-badge override when AI flags a sender the heuristic missed. If our AI says 8/100 but the local engine said 99/100, the badge updates to match AI's verdict so you don't see a misleading green score. 🚨 IMPROVED: Heuristic engine catches more scams. New invoice/renewal scam detection (fake McAfee/Norton/Geek Squad/PayPal charges), spam-folder cap (emails in Gmail Spam or Outlook Junk never display >50/100), invoice phone-callback detection. 🛡️ NEW: "Trusted by colleagues" badge when your coworkers have collectively marked a sender as safe — crowd-sourced positive reputation, org-scoped only. ⏳ NEW: Offline-friendly buttons. When our API is briefly unreachable, Report/Mark Safe/Alert clicks now show "Saved — will send" and auto-retry every 5 minutes instead of losing the action. 🔐 NEW: Session-expired UX. If your auth session ages out mid-action, the button shows "Session expired — click extension icon to sign in" instead of a cryptic "Invalid token" error. Plus a "!" badge appears on the toolbar. 🧐 IMPROVED: 10-second "undo" on Report Suspicious / Report Safe / Community Alert buttons. Misclicks are cancellable in-flow. 🐛 FIXED: Community Alert button bug (was throwing "analysis is not defined" on click). 📅 COMING SOON: Calendar spam auto-decline (Google + Microsoft Calendar integration in next major version). 🎨 New extension icon matching our website favicon (green shield). What's New in v1.9.51 Renamed to "Phishing Protection & Training". Description updated to reflect current feature set. Password Manager will be deployed in a future update. What's New in v1.9.47 Better detection of a rising scam: emails pretending to give away high-value items ("estate downsizing", "free piano in memory of my late father", etc.). These often hook a reply and then demand shipping/handling payment. Also calibrated the warning tone — emails in the "Use Caution" range no longer show "DANGER" prose. The trust score speaks for itself. "Quick report" buttons in Gmail injection. What's new in v1.9.39 Adds SMS as an MFA option for Vault Master Password entry. Various bugfixes. What's new in v1.9.23 Fixes the Quick Link Scanner — pasting a URL into the popup's scanner now correctly authenticates with our backend and shows the safety verdict. Previously the result would briefly flash and disappear without showing anything. Updated Sandbox Link Checker URL to sandbox.thoushaltnotclick.com What's new in v1.9.20 Major update accumulating improvements since v1.9.2. Sign in with Microsoft is now available in the extension popup, alongside Google SSO and email/password. Faster phishing detection on Gmail and Outlook. Password vault upgraded to Argon2id key derivation for stronger encryption. Have I Been Pwned breach checks on a smarter background schedule. Vault auto-fill more reliable across login forms. Sandbox iframe analyzer hardened. Defense against impersonation token sync to keep platform-admin sessions clean. ThouShaltNotClick adds a quiet layer of protection inside Gmail and Outlook — analyzing every link, every sender, and every header, then warning users in plain language before a click can do harm. Phishing protection A clear trust badge appears in the email header, with green for safe, yellow for caution, and red for danger. Each warning explains why a message looks suspicious — never just a score — so users learn what to watch for over time. Hover any link to see where it actually leads, even when the visible text says otherwise. A one-click report sends suspicious emails to your administrator for verification, helping protect everyone in your organization. Password manager The built-in vault stores passwords with strong client-side encryption — a zero-knowledge design where only you can decrypt your data. Saved logins autofill on supported sites, and the extension can offer to save new credentials when you sign in. Personal email addresses can be checked against known data breaches so you know when to rotate a compromised password — using a privacy-preserving check that never sends the password itself. Site safety The extension icon shifts color based on the current page — giving you an at-a-glance read on whether the site you're on has been flagged. When new threats are reported and verified by an administrator at one organization, protection updates for everyone using the extension. Built for organizations who care about their people ThouShaltNotClick was built specifically for Catholic schools and faith-based organizations — and works equally well for any team that needs phishing protection without enterprise complexity or pricing. Administrators can enroll an entire staff in minutes, and managed Chromebook deployment is supported. Privacy Your passwords and vault contents are encrypted on your device before they reach our servers. We cannot read them. Email content is analyzed locally; no message body is sent to our servers unless you explicitly request a deeper analysis. We do not collect browsing history. Get started Sign in with your existing ThouShaltNotClick account, or create one free at https://www.thoushaltnotclick.com. Created by a Catholic — accessible to all.