This article contains some Best Practices on how to prevent phishing emails with Symantec Messaging Gateway.
The following points may help mitigating or resolving phishing attacks on Symantec Messaging Gateway (SMG) 10.x or later.
- Upgrade to the latest available version.
- Ensure that the Appliance Status is good and no alerts or abnormal behaviors are reported.
- Consider enabling Customer-Specific Rules. More information on the product's administration guide.
- Consider implementing Symantec Email Submission Client (Exchange environments) in the scenario.
- Perform regular Missed Spam Submissions to Security Response. More information in the "Related Articles" section.
- Consider enabling Probe Network participation. More information in the "Related Articles" section.
- Consider enabling URI Stats. More information on the product's administration guide.
- Consider enabling Sender Authentication such as SPF and/or DKiM for the protected domains. More information on the product's administration guide.
- Ensure that appropriate Guidelines are provided to the protected end-users, as the ones listed below.
- Ensure that the Best Practices for Spam protection are applied. More information in the "Related Articles" section.
- Consider creating some Content Filter Rules to protect from spoofed domain addresses.
- Consider enabling Recipient Validation for the locally protected domains, using the recommended action of 'Reject'. More information on the product's administration guide.
General Guidelines for End-Users
- Be cautious when clicking on URLs in emails or social media programs, even when coming from trusted sources and friends
- Do not click on shortened URLs without previewing or expanding them first using available tools and plug-ins
- Be cautious when providing information via social networking sites
- Be suspicious of search engine results and only click through to trusted sources when conducting searches
- Be suspicious and think before you click: Never view, open, or execute any email attachment unless you expect it and trust the sender.
- Use a Web browser URL reputation solution that shows the reputation and safety rating of Web sites from searches.
- Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate.
- If you are entering personal or financial details online, look for visual cues that identify safe websites. Scan the web page for a trust mark, such as the Norton Secured Seal.
- Review your bank, credit card, and credit information frequently for irregular activity. Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections.
- Track brand abuse via domain alerting and fictitious Web site reporting.
- Use HTTPS when connecting via Wi-Fi networks to your email, social media and sharing Web sites. Check the settings and preferences of the applications and Web sites you are using.
- Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite.
This feature allows configuring as many Probe emails accounts (a.k.a. "honey pots") as possible so that local targeted phishing attacks are automatically being sent to Symantec Security Response. The intelligence that Symantec gains from probe accounts enables continuous improvement of the rules that govern spam filters. Better filters mean fewer spam intrusions on protected networks. Detailed information is available below.