Use case · IT & security

Spot spear-phishing without swapping your mail server.

One forward connector. One Outlook add-in. One SIEM webhook. Scampilot sits next to your Microsoft 365 or Google Workspace and only speaks up when something's off.

"Our filters catch 95%. The last 5% - targeted CEO fraud - costs us the most money." - IT lead, mid-size manufacturer

Where Scampilot plugs in

Not a replacement for Exchange Online Protection or Google Spam - for the personalized mails that slip past every classic filter.
01
The gap

Classic filters see patterns. Spear-phishing wears a suit.

What fools your filter isn't "Win an iPhone now!!!" - it's a properly written mail in your CFO's name to accounting, asking for an urgent wire transfer.

BSI 2024 report: Business Email Compromise caused nine-figure damages in Germany alone. Average incident: €47,000. The escalation almost always looks the same: correct letterhead, polite tone, plausible reasoning - and pressure to hurry.

Your existing infrastructure is tuned for bulk spam. It looks at sender reputation, send frequency, known phishing templates. A carefully crafted mail from cfo-extern@yourcompany.example looks normal to it.

Scampilot picks up exactly there. It checks the semantic layer: who is being asked to do what? Does the tone push urgency? Does the domain match the claimed sender org?

What Scampilot isn't

Not a replacement for Microsoft Defender for Office, Mimecast, or Proofpoint. We're a second opinion - for the 5% that slipped through.

Where we excel

Personalized requests, lookalike domains, account-takeover attempts, fake invoices, fraudulent supplier banking details.
02
Setup

Three integration paths, depending on your maturity.

From "pilot in two days" to "wired into the compliance pipeline" - pick what matches your pace.

01

Forward connector (two days)

Add a rule in your helpdesk Outlook / Gmail: forward all reported suspicious mails to a Scampilot address. Report comes back as a reply, plus a webhook push to your SIEM. No code change, no new contract with your mail provider.

02

Outlook add-in / Gmail add-on (two weeks)

"Check with Scampilot" button right inside the mail UI for your employees. We deliver the add-in as a sideloadable package or via the app store. Manifest, signature, privacy statement - all included.

03

REST API + SIEM (sprint 1)

A dedicated pipeline step before delivery. All inbound mail passes through Scampilot, with a webhook push of reports to Splunk, Elastic, Microsoft Sentinel, or Sumo Logic.

03
What you get

Per mail: verdict, reasoning, evidence.

Exactly the format your SOC knows - with severity, indicators, and a signed audit entry.

Verdict enum

safe / warn / danger. Three levels, fixed. No scale inflation, no 10-step custom severities.

Signals with evidence

credential_request, urgency, lookalike_brand, payment_demand - each with a concrete quote from the mail.

Authentication

SPF, DKIM, DMARC from email headers feed into the prompt and into the signal set.

Cost telemetry

Per report: input_tokens, output_tokens, model_used. Per employee, per department - aggregatable.

Audit trail

Append-only database log of all token creations, report views, deletions. Available on request as CSV.

Heuristic fallback

If the AI provider is down, Scampilot keeps running rule-based. The report is flagged heuristic-fallback - your SIEM sees when it happened.
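
To show what a rule-based pass over the signals named above can look like, here is an added example; it is not Scampilot's code. The phrase lists, the 0.85 similarity threshold, the verdict rules and the `authentication` and `mode` field names are assumptions made for this sketch.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Phrase lists and thresholds are assumptions for this sketch.
RULES = {
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|today|right away|asap)\b", re.I),
    "payment_demand": re.compile(r"\b(wire transfer|bank details|iban|invoice)\b", re.I),
    "credential_request": re.compile(r"\b(password|log ?in|verify your account)\b", re.I),
}

def auth_results(msg):
    """Pull spf/dkim/dmarc results out of the Authentication-Results header(s)."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def analyze(raw, own_domain):
    msg = message_from_string(raw)
    body = " ".join(msg.get_payload().split())      # collapse whitespace
    sentences = re.split(r"(?<=[.!?])\s+", body)
    signals = []
    for name, rx in RULES.items():
        quote = next((s for s in sentences if rx.search(s)), None)
        if quote:                                    # evidence = first matching sentence
            signals.append({"signal": name, "evidence": quote})
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Near-miss of our own domain: similar string, but not identical.
    lookalike = (sender != own_domain and
                 SequenceMatcher(None, sender, own_domain).ratio() >= 0.85)
    if lookalike:
        signals.append({"signal": "lookalike_brand", "evidence": sender})
    auth = auth_results(msg)
    spoofed = auth.get("dmarc") == "fail"
    asks = {s["signal"] for s in signals} & {"payment_demand", "credential_request"}
    verdict = ("danger" if (lookalike or spoofed) and asks
               else "warn" if signals or spoofed else "safe")
    return {"verdict": verdict, "signals": signals, "authentication": auth,
            "mode": "heuristic-fallback"}

# Constructed sample: lookalike domain ("rn" for "m") that passes SPF/DKIM/DMARC.
SAMPLE = (
    'From: "CFO Office" <cfo@yourcornpany.example>\n'
    "Authentication-Results: mx.yourcompany.example; spf=pass; dkim=pass; dmarc=pass\n"
    "\n"
    "Please make a wire transfer to the new supplier account today. I am in meetings.\n"
)
```

The constructed sample passes all three authentication checks because the sender controls the lookalike domain, so the verdict rests on the domain comparison and the payment request.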