OnINBOX labels risky emails that bypass Google’s Phishing Protection

Athletic Greens logo
Athletic Greens logo


Health and Nutrition




United States

Meet the company

Athletic Greens develop a small set of very high-quality nutritional products that empower people to take ownership of their own health in the simplest, most effective way possible. One of the company’s core values is to place people first and they embraced remote working long before Covid-19 forced other organizations to consider it. With over 60 employees around the world, it’s essential that everyone using email can spot phishing.

OnINBOX Threat Protection

Catching threats that bypass the Secure Email Gateway and Google’s Advanced Phishing Protection

With a remote workforce, it’s up to Digital Operations Manager, Jonathan Cupples, to ensure all staff are onboarded with email security best practices in mind to protect them against phishing attacks. Before OnINBOX, this meant training users individually to spot common signs of phishing attacks. Even with a Secure Email Gateway (SEG) in place and Google’s Advanced Phishing Protection, targeted phishing attacks still got through.

Athletic Greens logo

We couldn’t just rely on Google’s phishing protection alone as the email content itself is not checked, but with OnINBOX we’ve added contextual notifications only when relevant to remove the burden from end-users.

Jonathan Cupples Athletic Greens
Jonathan CupplesDigital Operations ManagerAthletic Greens

OnINBOX analyzes modern Business Email Compromise (BEC) techniques to alert end-users

With new starters being targeted and attacks still getting through, Jonathan explained “we couldn’t just rely on Google’s phishing protection alone as the email content itself is not checked”. This was leaving end-users vulnerable to modern BEC attacks that rely on social engineering to trick employees, rather than malicious links or attachments usually picked up by SEGs.

Here’s how OnINBOX detected and labeled these attacks:

  1. 1

    Visible Authentication

    OnINBOX runs DMARC authentication checks not visible to the human eye against every inbound email to determine if the sender really is who they say they are and then alerts users to imposters.

  2. 2

    Advanced Context Scanning

    Natural Language Processing (NLP) powers OnINBOX’s ability to sense check for urgency or sensitive topics and safely scan for social engineering techniques in the same way a human would.

  3. 3

    Contextual Alerts

    If anything suspicious or potentially harmful is detected OnINBOX explains why the email content may harbor risks which Jonathan praised “eases the mental burden on users.”

OnINBOX User ACT Indicators

From short links to malicious links in the supply chain

Athletic Green’s Digital Operations Manager Jonathan Cupples often found that email security training before OnINBOX meant trying to train employees out of clicking on links without hovering over them first. This posed the challenge of asking employees to unlearn ingrained business behaviors. Jonathan explained “No matter how much we tell users not to click short links they’re too focused on work to have it front of mind. As a result, malicious shortened links were often clicked”.

Athletic Greens now have the luxury of everyone having OnINBOX act as a dedicated security analyst that scans for malicious links in every email. Links are also checked against the top one million domains of the internet, alongside sites that look similar to Athletic Greens’ trusted domains (a function available to administrators) for added personalization so that employees are alerted to look-a-like attacks.