Phishing and spam

Anti-phishing

Classifications

The following classifications are applied to (potential) phishing emails:

  • Phishing
  • Possible phishing
  • Anti-phishing failure

For details see Operating/Email classifications.

Handling of phishing emails

Based on the configuration, Email Gateway Security can handle (potential) phishing emails in the following ways:

  • Reject,
  • Delete,
  • Quarantine or
  • Deliver.

For details see the Anti-phishing and anti-spam section under Configuration/Policy.

Phishing subcategories

For certain phishing emails, Email Gateway Security can identify the phishing subcategory of the email.

Supported subcategories

| Subcategory | Description |
| --- | --- |
| Spear Phishing | E-mail messages categorized as spear phishing include targeted phishing emails like: spear phishing, business email compromise, sender impersonation, CEO/CFO executive whaling. |
| Extortion | E-mail messages categorized as extortion include sextortion, blackmail, hitman scams etc. |
| Financial Phishing | E-mail messages categorized as financial phishing include phishing emails that involve financial organizations. |
| Employment Scam | E-mail messages categorized as employment scam include emails like: bogus job offers, work from home scams, cash-handling scams, make money fast etc. |
| Investment Scam | E-mail messages categorized as investment scam include emails like: penny stocks spam, pump and dump fraud, investment and pyramid schemes, investment seminars etc. |
| Financial Scam | E-mail messages categorized as financial scam include emails like: fake online loans and grants, financial services, credit card scams, money lending, mortgage, private student loans etc. |
| Education Scam | E-mail messages categorized as education scam include emails like: diploma/degree mill, illegitimate academic degrees, free education etc. |
| AdvanceFee Scam | E-mail messages categorized as advance fee scam include scam emails like: Nigerian 419 and inheritance scams, unexpected money, up-front payment, advance-fee scams, reclaim scams, fake charities etc. |
| Lottery Scam | E-mail messages categorized as gambling scam include emails like: gambling activities, casinos, betting etc. |
| Gambling Scam | E-mail messages categorized as gambling scam include emails such as gambling activities, casinos, betting etc. |
| Dating Scam | E-mail messages categorized as dating scam include emails like: online dating, bride scams, fake dating sites etc. |
| Adult Scam | E-mail messages categorized as adult scam include scam emails like: mature/sexual content, porn, sex toys etc. |
| Pharma Scam | E-mail messages categorized as pharma scam include emails like: diet and enhancement pills, miraculous remedies, narcotics, medical devices, online pharmacies etc. |
| Sales Scam | E-mail messages categorized as sales scam include emails like: sales of email marketing lists, products, reports/webinars/conferences direct invitations, sellers and buyers scam, fraudulent orders etc. |
| Travel Scam | E-mail messages categorized as travel scam include emails like: fake vacation rentals, free cruises, phoney points rewards, rental scams etc. |
| Ecommerce Scam | E-mail messages categorized as ecommerce scam include emails like: all kinds of fake websites and online shops. |

Dynamic anti-phishing

OPSWAT’s dynamic anti-phishing is a time-of-click analysis solution for URLs in email bodies.

If Enable Dynamic Anti-phishing is turned on under Security Rules > rule / ANTI-PHISHING, all links in the email body are redirected through the MetaDefender.com Safe URL redirect service for a URL reputation check.

If the URL turns out to be safe, then the browser is redirected to it immediately without any disruption of the browsing experience.

If the URL is detected as potentially malicious, then a warning screen alerts the user to the possible risk.
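The rewrite-then-check flow described in this section, as an added illustration that is not OPSWAT code: links are rewritten once at delivery, and the verdict is looked up only when the link is clicked. The redirect endpoint, the `u` parameter and the `malicious_hosts` lookup are assumptions, since the real service's URL format is not given on this page.

```python
import re
from html import unescape
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical redirect endpoint and parameter name (assumption, not the real service).
REDIRECT = "https://safeurl.example.invalid/r?u="
HREF = re.compile(r'(<a\b[^>]*?\bhref\s*=\s*)(["\'])(.*?)\2', re.I | re.S)

def rewrite_links(body):
    """At delivery time: point every http(s) link in an HTML body at the redirect endpoint."""
    def repl(m):
        url = unescape(m.group(3))  # href values are entity-encoded (&amp; -> &)
        if urlsplit(url).scheme.lower() not in ("http", "https") or url.startswith(REDIRECT):
            return m.group(0)       # leave mailto:, tel:, anchors and already-rewritten links
        return f"{m.group(1)}{m.group(2)}{REDIRECT}{quote(url, safe='')}{m.group(2)}"
    return HREF.sub(repl, body)

def resolve_click(redirect_url, malicious_hosts):
    """At click time: check the target against the reputation data of that moment."""
    target = parse_qs(urlsplit(redirect_url).query)["u"][0]
    action = "warn" if urlsplit(target).hostname in malicious_hosts else "redirect"
    return action, target

# Constructed sample body: one web link with an encoded ampersand, one mailto link.
SAMPLE_BODY = ('<p><a href="http://files.example.org/doc?id=1&amp;k=2">Invoice</a> '
               '<a href="mailto:it@example.com">IT</a></p>')
```

Because the lookup happens in `resolve_click`, a host that is classified as malicious after the email was delivered still produces the warning.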

Converting HTML emails to text-only

Hyperlinks and other rich HTML features can be exploited for phishing and other malicious attacks against the recipients of emails with an HTML body.

As a counter-measure, Email Gateway Security supports converting emails with HTML body to text only emails.

To enforce the HTML body conversion to text only, the Deep CDR engine in MetaDefender Core needs to be configured to convert HTML to text.

To use the HTML email to text-only conversion, the Deep CDR engine must be licensed, and the MetaDefender Core Workflow rule that is used by the Email Gateway Security Security Rule must have Deep CDR enabled.

For details, see Configuration/Policy and Configuration/Server profiles.
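Why text-only conversion helps, as an added illustration that is not the Deep CDR engine's code: once the body is flattened, each link's real destination is printed next to its label, so a label that names a different host can no longer hide the target. The class, function names and sample message are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class TextOnly(HTMLParser):
    """Flatten an HTML body to text and write each link target after its label."""
    SKIP = {"script", "style", "head"}            # content that is never shown as text
    BLOCK = {"p", "div", "br", "li", "tr", "h1", "h2", "h3"}
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links = [], []
        self.skip, self.href, self.label = 0, None, []
    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip += 1
        elif tag == "a":
            self.href, self.label = dict(attrs).get("href"), []
        elif tag in self.BLOCK:
            self.out.append("\n")
    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip:
            self.skip -= 1
        elif tag == "a" and self.href:
            self.out.append(f" <{self.href}>")    # real destination becomes visible
            self.links.append(("".join(self.label).strip(), self.href))
            self.href = None
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)
            if self.href:
                self.label.append(data)

def html_to_text(html):
    """Return (plain_text, [(label, href), ...]) for an HTML body."""
    p = TextOnly()
    p.feed(html)
    p.close()
    lines = (" ".join(l.split()) for l in "".join(p.out).splitlines())
    return "\n".join(l for l in lines if l), p.links

def host(url):
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def mismatched_links(links):
    """Heuristic: label looks like a URL but names a different host than the href."""
    return [(t, h) for t, h in links if "." in t and " " not in t and host(t) != host(h)]

SAMPLE_HTML = ('<html><head><style>p{color:red}</style></head><body><p>Your account is locked.</p>'
               '<p>Sign in at <a href="http://login.example.net/reset">https://bank.example.com</a></p>'
               '<script>track()</script></body></html>')  # constructed sample
```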

Anti-spam

Classifications

The following classifications are applied to (potential) spam emails:

  • Spam
  • Possible spam
  • Anti-spam failure

For details see Operating/Email classifications.

Handling of spam emails

Based on the configuration, Email Gateway Security can handle (potential) spam emails in the following ways:

  • Reject,
  • Delete,
  • Quarantine or
  • Deliver.

For details see the Anti-phishing and anti-spam section under Configuration/Policy.

Anti-Spam/Anti-Phishing diagnostics

Anti-spam verdict diagnostics are also displayed on the UI, which makes it easier to report a false positive/negative verdict to support. To see the processing history, navigate to Audit > Email History and select a specific email in the list.
