Email security for finance & AP teams

Know which emails your team can trust.

Customs is a second set of eyes on every invoice, payment request, and login email. It reads each one the way a security analyst would — then tells you, in plain English, whether it's safe to act on.

Start free See how it works

✓ No AI required — fully deterministic✓ Nothing leaves your tenant✓ Every verdict explained✓ Set up in minutes

How Customs works

Connect once. Customs does the rest — automatically, on every new email that arrives.

1 · Connect

One approval connects your Microsoft 365 — no passwords, no mailbox changes, no forwarding.

→

2 · It watches

Customs reads every new message in the inboxes you choose, automatically — around the clock.

→

3 · It investigates

It verifies the sender's real identity, follows the links, and reads the intent — the way an analyst would.

→

4 · Plain verdict

Clear, Caution, or Malicious — with the two or three reasons spelled out in plain English.

→

5 · In your inbox

A warning label, a banner, auto-move to a review folder, or a daily digest — whatever you choose.

What it catches

The attacks that actually cost finance teams money — not just spam.

Login & brand phishing

Fake Microsoft 365, Apple, and DocuSign logins, and lookalike senders like lCIoud → iCloud that slip past the spam filter.

Invoice & payment fraud

A vendor “changing their bank details,” or a fake invoice from the wrong domain — checked against the vendors you actually pay (BEC).

Hidden & disguised links

Unwraps shortened and redirect links to their true destination and flags when the link text doesn't match where it really goes.

See it in action

The same engine on a dangerous email and an everyday one — flag what's fake, leave the real mail alone.

⚠ A phishing attempt — what lands in the inbox

⚠

Customs flagged this email — MALICIOUS (99% confidence)

Don't click links or reply — the brand doesn't match the authenticated sender. Verify by phone if it's about payment or login.

lCIoud Support Team via greytHR

<[email protected]>

Customs: Malicious

Complete Verification Immediately

Hello [email protected],
This is the final reminder that you are required to complete your iCloud verification immediately. Failure to complete will result in loss of Photos, Mail, Notes, Contacts and more.
Verify Now →

Customs verdict

✕ Malicious99% confidence · score 85

Why it was flagged — in plain English:

brand impersonation +45

Claims to be iCloud, but was sent from notifications.greythr.com (not apple.com / icloud.com).

auth misalignment +30

Passes email auth — but for greythr.com, not iCloud. A valid signature ≠ a legitimate sender.

urgency / credential +10

Pressure language (“verify immediately,” “final reminder”) typical of credential phishing.

✓ An everyday invoice — left untouched

Contoso Billing

<[email protected]>

Contoso receipt #CUSTPYMT641659

Hi — thanks, your payment of $956.92 was received. Your receipt is available in the billing portal: app.contoso.com/billing.
No banner, no label — a legitimate email is left exactly as it arrived.

Customs verdict

✓ Clear90% confidence · no signals

No red flags found — safe to act on. (Not a guarantee; Customs re-checks if anything changes.) What it verified:

sender authenticated

SPF, DKIM and DMARC all pass and align with contoso.com — the vendor's real domain.

known vendor

Matches a vendor you actually pay; no lookalike domain and no banking-change request.

links clean

The only link goes to contoso.com — no redirect, shortener, or text/destination mismatch.

Protect your inbox in minutes.

Free for one inbox. Upgrade when you want Customs to label, move, and digest automatically. Cancel anytime.

Start free See pricing