1. A method comprising(a) detecting, by a driver, that an application received a request of a user to take an action with respect to one of an untrusted domain or an untrusted email;
(b) intercepting, by the driver, the request of the user prior to the action being taken, wherein the application is paused;
(c) providing, by a client service responsive to the driver, a user interface to receive input from the user to confirm whether to continue to take the action or to revert back to a point in the application at which the user made the request, wherein the user interface receives input to revert back to the point in the application at which the user made the request;
(d) unpausing the application responsive to the input; and
(e) reverting the application back to the point in the application in which the user made the request.