CyberDrain Launches Free Open-Source Tool To Block Microsoft 365 Phishing Attacks

‘Most anti-phishing tools stop the attack at the email. That’s fantastic,’ says Kelvin Tegelaar , founder of CyberDrain. ‘But phishing doesn’t just come from email anymore. People get phone calls, SMS messages, social DMs with malicious links. Browser protection gives you that second line of defense, after the link is clicked, when traditional email filters can’t help anymore.’

CyberDrain, the MSP-focused developer behind the widely-used CIPP platform, has launched Check, a free and open-source browser extension aimed at stopping Microsoft 365 and Entra phishing attacks.

While most anti-phishing solutions rely heavily on email protection or server-side filters, CyberDrain’s Check acts inside the browser and blocks credential entry on known or suspected phishing pages.

“Most anti-phishing tools stop the attack at the email. That’s fantastic,” Kelvin Tegelaar , founder of Rotterdam, Netherlands-based CyberDrain, told CRN. “But phishing doesn’t just come from email anymore. People get phone calls, SMS messages, social DMs with malicious links. Browser protection gives you that second line of defense, after the link is clicked, when traditional email filters can’t help anymore.”

Tegelaar said earlier versions of the concept included lightweight warnings, such as overlays on suspicious login pages, but those weren’t always enough.

“Users ignore warnings,” he said. “They click through. They still log in. So with Check, we completely block access to those sites. You can’t enter your credentials. Period.”

Check is designed for silent deployment, users don’t have to learn anything new or change their behavior. If a phishing site is detected, the extension stops access, notifies the user and alerts the administrator. No personal data is collected or transmitted, and all the analysis is done locally in the browser. Check is also fully white labeled so MSPs can add their branding and make it their own.

“We're hoping this becomes one of those tools every vendor and MSP contributes to,” said Tegelaar. “We're already seeing support from security researchers, and we're thankful to partners like NinjaOne, who sponsor open-source projects like this. The more eyes we have improving Check, the more resilient it becomes.”

Ashley Cooper, CyberDrain COO, said the trust-building power of open source, especially in the MSP space, is equally important.

“Trust is everything,” she told CRN. “People want to get hands-on and see how things work. That transparency helps build a sense of ownership, of contribution, and that brings more community engagement and more trust.”

She also highlighted the real-world benefits for MSPs including saving time, reducing cognitive load and preventing user mistakes before they happen.

“When you ask an MSP what keeps them up at night, it’s not ransomware, it’s whether a user is going to click on something they shouldn’t,” she said. “Check gives them peace of mind. It’s one less thing to worry about.”

Logan Cook, CTO at Farminton Hills, Mich.-based MSP Bezalu, said Check covers a “critically essential piece” of cybersecurity that most MSPs completely neglect.

“Sure, there are other options out there, but none as flexible, controllable and free as this,” he told CRN in an email. “For MSPs that already have a pretty solid foundation, the types of attacks this will prevent become most of what you see.”

Looking ahead, CyberDrain plans to expand Check’s functionality beyond Microsoft 365 and Entra. While Google has similar protections built in, Tegelaar envisions Check evolving to protect other SaaS tools often targeted by phishing campaigns, like HubSpot, Salesforce and various CRM platforms.

“We’re absolutely open to supporting more apps,” he said. “The vision is to make phishing protection simple, customizable and scalable for MSPs, no matter what stack their clients are running.”