About anti-phishing scans

Kaspersky Security can scan messages for phishing and malicious URLs.

Phishing URLs lead to fraudulent websites designed to steal personal data of users, such as bank account details. A phishing attack can be disguised, for example, as a message from your bank with a link to its official website. By clicking the link, you go to an exact copy of the bank's website and can even see the bank site's address in the browser, even though you are actually on a spoofed site. All of your further actions on the website are tracked and can be used to steal your private data.

Malicious URLs lead to web resources designed to spread malware.

To protect Microsoft Exchange servers against phishing and malicious URLs, the application uses databases of URL addresses that have been tagged as phishing or malicious URLs by Kaspersky. The databases are regularly updated and are included in the Kaspersky Security delivery kit.

While scanning messages for phishing and malicious URLs, the application analyzes not only URLs but also the message subject, contents, attachments, design features, and other message attributes. The scan also uses heuristic algorithms and requests to the Kaspersky Security Network (KSN) cloud services if the use of KSN is enabled in the Anti-Spam settings. With the help of KSN, the application receives the latest information about phishing and malicious URLs before they appear in Kaspersky databases.

On detecting phishing or malicious URLs in a message, the application tags it as Phishing. You can choose actions to be taken by the application on messages with this status. The following operations are available for selection:

• Allow. The message is delivered to recipients unchanged.
• Reject. An error message is returned to the sending server (error code 500), and the message is not delivered to the recipient.
• Delete. The sending server receives a notification that the message has been sent (code 250), but the message is not delivered to the recipient.
• Add SCL and PCL rating. The application adds a spam confidence level (SCL) rating of 9 and a phishing confidence level (PCL) rating to 8 to messages. On arriving in the Microsoft Exchange mail infrastructure, messages with a high PCL rate (more than 3) are automatically directed to the Junk E-Mail folders, and all URLs contained in them are deactivated.
• Add label to message subject. Messages with Phishing status are marked with a special [!!Phishing] tag in the message subject. You can edit the text of this tag.