Anti-Phishing settings
April 22, 2024
ID 177810
With the help of the Anti-Phishing protection module, you can protect your company mailboxes against phishing, spoofing, conversation hijacking, BEC attacks and malicious links that can be sent in email messages.
Phishing links lead to fraudulent websites designed to steal the personal data of users, such as bank account details. A phishing attack can be disguised, for example, as a message from your bank with a link to its official website. If you click the link, you are redirected to an exact copy of the bank's website, and the browser might even display the bank website's address. However, you are actually on a spoofed (fake) website. All of your actions on the website are tracked and can be used to steal your personal data.
In spoofing and conversation hijacking attacks, malicious senders forge email addresses and content of the messages to be considered trustworthy by the recipients.
By means of email address spoofing or conversation hijacking, BEC attackers hold themselves out as persons the email recipients should trust to gain illegal advantages.
Malicious links lead to web resources designed to spread malware.
The application detects phishing, spoofing and malicious links according to the detection rules developed by the Kaspersky experts. Kaspersky regularly updates rules and methods of detecting phishing and malicious links.
While scanning messages for phishing, spoofing, BEC attacks and malicious links, the application analyzes not only links, but also the message subject, contents, design features, and other message attributes. The scan makes use of Kaspersky Security Network (KSN) cloud services. With the help of KSN, the application receives the latest information about phishing links and malicious links before they appear in the Kaspersky databases.
When creating a security policy, you can specify the Anti-Phishing settings.
Anti-Phishing mode
You can enable one of the following operation modes:
- Recommended mode: regular detection procedure
- Enforced mode: supplementary detection of unclear content similar to phishing
Actions to be taken by the application
In the Action area, specify what the application must do with messages in which it detects phishing and malicious links along with unclear content similar to phishing:
- Delete and quarantine message
- Move to Junk Email folder
- Allow through
- Tag the subject
This option is available for the Allow through and Move to Junk Email folder actions.
- Delete permanently: deleted messages cannot be recovered
Note that if you select Enforced mode: supplementary detection of unclear content similar to phishing, messages containing only unclear content similar to phishing will not be deleted permanently, but moved to Quarantine.
Notifications
In the Notifications area, configure notifications that will be sent automatically:
- Notify administrators about detections
- Notify mailbox owner about deleted messages
This option is available for the Delete and quarantine message and Delete permanently: deleted messages cannot be recovered actions only.
Allowlist
In the Allowlist area, configure allowed senders: