What is Spearphishing ?
Generally speaking, the e-mail impersonates a legal entity (financial institution, public service, competitor) or a natural person (work colleague, friend...) with the aim of duping the recipient.
The e-mail usually invites the recipient to open a malicious attachment or follow a link to a malicious website.
For more information on Spearphishing, please consult our article.
How does Mailinblack Protect detect it ?
There are two ways of detecting this type of e-mail :
1. The first check is carried out during SPF checks on the customer's protected domains. If SPF returns a fail for an address originating from a customer's internal domain, then the email will be categorized as Spearphishing.
2. A second check consists of an analysis of various information concerning the sender, such as name, envelope and header addresses, in order to detect attempts to deceive the recipient, and therefore a potential danger.
How can I benefit from Spearphishing filtering?
To benefit from Spearphishing filtering, users must be protected.
The following options must also be activated:
These options can be activated from your Protect interface, Settings tab, then Email filtering.
“Apply filters to detect Spearphishing emails” displays a new Spearphishing tab on your users' interface."
“Apply anti-spam filters to my domains” allows you to categorize as spam emails sent from your domain whose origin has not been verified.
You can also activate the display of Spearphishing e-mails in your stopped e-mail reports. To do this, go to your Protect menu, Settings tab then Stopped emails reports and check the following option:
Spearphishing can be visible in the stopped emails report.
If you recover an email detected as Spearphishing, a warning banner will be present in the email to help the user make the right decision. The banner will also allow you to report false positives.
How to find them on your interfaces?
If you are not a manager of the solution, you can retrieve emails categorized as Spearphishing from your interface:
“Access My protect” - Emails - Category Spearphishing
If you are a Mailinblack solution manager, you can find emails categorized as Spearphishing from your Protect interface in the Emails menu.
Emails are tagged with a purple dot indicating Spearphishing.
You can also track emails categorized as Spearphishing from the same interface :
What should I do if an email from my own domain is categorized as Spearphishing?
If an e-mail from a sender in your own organization is Spearphishing, it's because the sending IP or server has not been entered in your SPF field.
The solution would be for you or your domain manager to modify your DNS zone (on your domain host) to declare all the servers with which you send messages.
You can also authorize users to retrieve Spearphishing e-mails from the Protect/Settings/User authorizations interface.
#protect #mail #security #spearphishing