Triage Suspicious Emails
Analyze a suspicious email's headers, links, and content to quickly determine whether it is a phishing attempt before taking any action.
Detect Executive Impersonation Attempts
Identify business email compromise attacks where fraudsters impersonate executives to request wire transfers or sensitive data.
Tool
Business email compromise attacks targeting executives — CEO fraud, CFO impersonation, wire transfer requests — are among the highest-cost security incidents companies face. The emails are carefully crafted to look legitimate: the display name matches the executive, the tone is authoritative, and the request has a plausible business reason. Standard spam filters often miss them entirely.
Phishing Email Checker analyzes the full email — header-level sender authentication, display name spoofing, reply-to address mismatches, and content patterns — to surface the signs of impersonation that humans under time pressure miss. The check takes seconds and produces specific evidence, not just a suspicion score.
Finance teams, executive assistants, and IT security teams use this to verify unusual requests before acting on them, particularly any email requesting a wire transfer, credential change, or urgent confidential action.
Agent Guides
Claude
- Connect ToolRouter in Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
- Forward or paste the suspicious executive email with full headers into the conversation.
- Ask Claude to run `check_email` via `phishing-email-checker` with a note that this is a potential executive impersonation.
ChatGPT
- Connect ToolRouter in ChatGPT: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Paste the email with full headers and specify that this is a suspected executive impersonation.
- Ask ChatGPT to run `check_email` via `phishing-email-checker`.
Copilot
- Connect ToolRouter in Copilot: {"mcpServers":{"toolrouter":{"command":"npx","args":["-y","toolrouter-mcp"]}}}
- Extract the email headers and content from your email security pipeline.
- Ask Copilot to run `check_email` via `phishing-email-checker` with a flag indicating executive-impersonation check.
OpenClaw
- Connect ToolRouter in OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
- Export emails flagged as potential BEC attempts from your email gateway or SIEM.
- Run `phishing-email-checker` with `check_email` for each email and collect results in a normalized schema.
Related Use Cases
Audit Email Links Before Forwarding
Check all links embedded in an email before forwarding it to colleagues or clicking them yourself.