How to prevent phishing email with SMG

Article:TECH197354  |  Created: 2012-09-26  |  Updated: 2012-11-03  |  Article URL http://www.symantec.com/docs/TECH197354
Article Type
Technical Solution


Issue



Best practices for using SMG to help prevent phishing mail attacks.


Solution



1. Upgrade to SMG v10 – The upgrade allows the customer to take advantage of Customer-Specific Rules and the easy submission process with the Symantec Email Submission Client (Exchange environments).
2. Submit missed spam to junk submission.
3. Probe network participation – Enable as many probe email accounts as possible so that locally targeted phishing attacks are automatically sent to our STAR engineers and analysts. This helps to track spam and enables Symantec to learn from it. The intelligence that Symantec gains from probe accounts enables continuous improvement of the rules that govern spam filters. Better filters mean fewer spam intrusions on your network. Detailed information is available at http://www.symantec.com/docs/HOWTO53758
4. Enable URI Stats – Check whether this feature is enabled at the customer's site, as it provides us visibility into URLs.
5. Enable Sender ID Authentication for a predefined list of domains (SPF on a global basis, DKIM on a per-domain basis) – this could help minimize phishing attacks.
6. As there are a couple of ongoing open cases from this customer, it will be helpful to do an overall health check on the product.
7. As we are constantly looking for ways to help with phishing attack detection, end-user education is also important. Here is a list of best practices for the customer's reference.
•       Be cautious when clicking on URLs in emails or social media programs, even when coming from trusted sources and friends
•       Do not click on shortened URLs without previewing or expanding them first using available tools and plug-ins
•       Be cautious when providing information via social networking sites
•       Be suspicious of search engine results and only click through to trusted sources when conducting searches
•       Be suspicious and think before you click: Never view, open, or execute any email attachment unless you expect it and trust the sender.
•       Use a Web browser URL reputation solution that shows the reputation and safety rating of Web sites from searches.
•       Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate.
•       If you are entering personal or financial details online, look for visual cues that identify safe websites. Scan the web page for a trust mark, such as the VeriSign Trust Seal.
•       Review your bank, credit card, and credit information frequently for irregular activity. Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections.
•       Track brand abuse via domain alerting and fictitious Web site reporting.
•       Use HTTPS when connecting via Wi-Fi networks to your email, social media and sharing Web sites. Check the settings and preferences of the applications and Web sites you are using.
•       Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite.

8. Follow all the anti-spam best practices: http://www.symantec.com/business/support/index?page=content&id=TECH90043
9. If their domain is being spoofed, they could create a local rule to block external messages faking "From" their domain.
10. Ensure LDAP directories are configured and that the recommended actions are being taken for invalid recipients.
11. SMG has the ability to restrict the maximum number of recipients per message (the default is 1,024 recipients). This option is useful when the phishing email is sent to multiple users per email based on source IP address, but it could also restrict clean emails.
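
The decision behind the local rule in item 9, written out as an added Python example. It is not SMG configuration and not Symantec code; the protected domain, the internal networks and the sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this sketch (not from the article): the protected domain
# and the networks that are allowed to send mail as that domain.
PROTECTED_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.0.2.0/24")]


def from_domains(raw_message):
    """Return the lower-cased domains of every address in the From header."""
    msg = message_from_string(raw_message)
    addrs = getaddresses(msg.get_all("From", []))
    # Only the address part counts; the display name is ignored on purpose.
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _name, addr in addrs if "@" in addr}


def is_local(domain):
    """True for the protected domain itself or any subdomain of it."""
    return domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN)


def spoofs_local_domain(raw_message, client_ip):
    """True when an external client sends mail with a local From domain.

    client_ip is the connecting SMTP client as seen by the gateway;
    Received headers are not used because the sender controls them.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return False  # internal relay, allowed to use the local domain
    return any(is_local(d) for d in from_domains(raw_message))


# Constructed sample messages.
SPOOFED = ('From: "IT Helpdesk" <helpdesk@Example.COM>\n'
           'To: a@example.com\nSubject: password reset\n\nbody\n')
PARTNER = ('From: "example.com billing" <billing@partner.test>\n'
           'To: a@example.com\nSubject: invoice\n\nbody\n')

if __name__ == "__main__":
    for raw, ip in ((SPOOFED, "203.0.113.7"), (SPOOFED, "10.1.2.3"),
                    (PARTNER, "203.0.113.7")):
        print(ip, spoofs_local_domain(raw, ip))
```

A rule of this kind also matches legitimate third-party services that send as the domain from outside, so those sources need to be listed as allowed before the rule is set to block.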
 



