Check Point Email Security | Blog

The API Hidden Folder Trick

Written by Jeremy Fuchs | March 23, 2022

The hidden card trick is a classic staple.

The idea, of course, is to make a card "disappear." 

It doesn't actually disappear. It's just out of sight. But the card is still with the magician, accessible at any time.

It's the ultimate misdirection trick. You think it's gone, and then--poof!--the magician brings it back, much to the crowd's delight.

This is what other API-based solutions do with email.

Because they can't block before the inbox, they have to do something with an offending email.

Different solutions have different ways of handling this. 

One way? Placing the malicious email in a hidden folder. Just like a hidden card trick.

Here's how it works. A malicious email is sent. Because the API system can't block it before the inbox, the malicious email enters the inbox.

After an average of three minutes and three seconds--assuming the end-user hasn't already clicked on it--the email will be removed from the inbox.

Where does it go? Just like the hidden card trick, it doesn't just disappear into thin air, never to be seen again. It goes into a hidden folder. 

Hidden folders are only kind of hidden. First, admins have full access to them. And with a little knowledge of Outlook or Gmail, your end-users can usually find those hidden folders.

But regardless, the offending email remains in your ecosystem. With SOC teams overwhelmed, that "hidden" email may remain there for some time.

A solution that just sweeps malicious emails under the rug is not a solution.

It's just a magic trick. 

And unlike the best magicians, these secrets are easily decoded.