How to configure Email Security for Phishing mail?
The following shows a sample configuration of Email Security for phishing mail.
Phishing is a type of online scam in which criminals send an email that links to a fake website and asks you to provide sensitive information.
An example of a phishing attack:
1. The attacker creates a fake banking website that copies the content of the real banking website.
2. The attacker sends the user a phishing email with an embedded URL, asking them to change their banking password.
3. The user opens the mail and clicks the embedded URL, which redirects the user to the fake banking website.
4. The user enters their current banking account details when attempting to change the password.
5. The attacker obtains the user's banking account details and can steal the user's money.
How it works
With the Anti-phishing enhancement, the ATP gateway inspects the mail content to detect embedded URLs.
Set up Phishing on ATP
1. In the ATP, go to Configuration > Security Service > Email Security and enable Check Mail Phishing, which allows the gateway to inspect the embedded URLs in email.
Test the Result
1. Go to Monitor > Security Statistics > Email Security to observe the mail phishing logs.
2. Go to Monitor > Security Statistics > Email Security to collect Email Security statistics.
What Can Go Wrong?
1. Make sure the Anti-Spam default service port is SMTP or POP3. Check it from the CLI:
Router# show utm-manager anti-spam defaultport
2. SSL inspection is not supported.
3. The ATP can inspect email up to 50KB. If the mail is larger than 50KB, the gateway inspects only the first 50KB, starting from the header.
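Because of the 50KB limit, URLs that appear later in a large message fall outside what the gateway inspects. The Python script below is an added example, not vendor code: it scans a raw message and reports which embedded URLs lie inside or outside that window, so oversized mail can be passed to another control. It assumes 50KB means 51,200 bytes counted from the first header byte and that URLs appear undecoded in the raw message (base64 or quoted-printable parts would need decoding first); the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.policy import default

# Assumption: "50KB" = 50 * 1024 bytes, counted from the first header byte.
INSPECT_LIMIT = 50 * 1024
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.IGNORECASE)


def split_urls_by_window(raw: bytes, limit: int = INSPECT_LIMIT):
    """Return (inside, outside): URLs wholly within the first `limit` bytes, and the rest."""
    inside, outside = [], []
    for m in URL_RE.finditer(raw):
        url = m.group().decode("ascii", "replace")
        # A URL cut by the boundary is only visible in truncated form,
        # so it is counted as outside the inspected window.
        (inside if m.end() <= limit else outside).append(url)
    return inside, outside


def audit(raw: bytes, limit: int = INSPECT_LIMIT) -> dict:
    """Summarise one raw RFC 5322 message against the inspection window."""
    msg = message_from_bytes(raw, policy=default)
    inside, outside = split_urls_by_window(raw, limit)
    return {
        "subject": str(msg["Subject"]),
        "size": len(raw),
        "over_limit": len(raw) > limit,
        "inspected_urls": inside,
        "uninspected_urls": outside,
    }


def build_sample() -> bytes:
    """Constructed sample: a plain-text mail longer than 50KB with two URLs."""
    head = (b"From: a@example.com\r\nTo: b@example.com\r\n"
            b"Subject: Constructed sample\r\nContent-Type: text/plain\r\n\r\n")
    body = (b"See http://early.example/reset\r\n"
            + b"filler text line\r\n" * 3200
            + b"and http://late.example/reset\r\n")
    return head + body


if __name__ == "__main__":
    report = audit(build_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Messages reported with over_limit set and a non-empty uninspected_urls list are the ones to review by other means, since the gateway did not see those links.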