Skip to main content
rami78
rami78
New Member
November 19, 2017
Question

Phishing

  • November 19, 2017
  • 2 replies
  • 6508 views

We have been getting a ton of phishing emails lately. They pass through the fortimail without issue, and they contain links (either direct in body or in pdf) to sites that try to harvest email and password.

The websites they are linking to are usually hijacked and therefore usually categoriezed by fortigate as safe (business etc).

 

Is there a way to prevent users from being able to submit their email in forms? I have tried messing around with dlp without success.

    2 replies

    packetpusher
    packetpusher
    New Member
    November 20, 2017

    You may want to submit your question into the FortiMail forum. ref. [link]https://forum.fortinet.com/tt.aspx?forumid=31[/link]

    davzy
    davzy
    New Member
    January 30, 2026

    These emails bypass FortiMail because the links point to legitimate but compromised websites, which is common in many types of phishing attacks. Since the domains are still categorized as safe, reputation-based filtering doesn’t block them.

    Blocking users from submitting email/passwords via DLP isn’t practical. DLP is for data leakage, not web form interaction.

    What actually works:

    • Enable Deep SSL Inspection so FortiGate can detect credential-harvesting forms

    • Use Anti-Phishing profiles with real-time URL analysis

    • Block newly registered / low-reputation domains

    • Enable URL rewriting + time-of-click protection in FortiMail

    • Enforce MFA to neutralize stolen credentials

    This layered approach is the effective defense against modern phishing.

    Terms & ConditionsAccessibility statement