Hi,
I am writing here because FortiMail, even with FortiSandbox Cloud, does not seem to be much good at detecting hyperlinks to phishing forms. Recently we have been receiving quite a lot of e-mails with links to public clouds, especially discordapp.com, googleapis.com, sendgrid, web.app, etc. There is usually a fake logon form trying to get usernames/passwords.
Of course we teach our users, we submit samples to Fortinet and to storage providers, but this just does not help. I even wrote a dictionary profile which quarantines messages if they contain links to the well-known hosts above. Fortinet should just get better at identifying these, and I hope it will soon.
In the meantime, I was wondering: if we had an option to deliberately delay e-mails which contain such links, it may help greatly. If we give more time to cloud providers to shut down these URLs, or simply give more time to antivirus/antispam/sandbox engines to update, we may get better results.
Any help or ideas appreciated.
Thanks,
Petr
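The link-host check and hold decision described in the post, sketched as a standalone Python filter. This is an added example, not part of the original post and not FortiMail configuration; the function names, the `sendgrid.net` domain standing in for "sendgrid", and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Hosts named in the post; "sendgrid.net" is an assumed domain for "sendgrid".
WATCHED_SUFFIXES = ("discordapp.com", "googleapis.com", "sendgrid.net", "web.app")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    "From: sender@example.org\nSubject: Shared document\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="https://storage.googleapis.com/example-bucket/login.html">Open</a>\n'
)
SAMPLE_CLEAN = (
    "From: sender@example.org\nSubject: Notes\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "See https://notweb.app/ and https://googleapis.com.example.org/x\n"
)

def extract_hosts(msg):
    """Return the set of hostnames linked from any text/* part of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname  # already lower-cased
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            if host:
                hosts.add(host.rstrip("."))
    return hosts

def matches_watchlist(host):
    # Compare on a label boundary so look-alikes such as "notweb.app" or
    # "googleapis.com.example.org" are not treated as watched hosts.
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def decide(raw_message):
    """Return ("hold", hosts) if a watched host is linked, else ("deliver", [])."""
    msg = message_from_string(raw_message, policy=default)
    hits = sorted(h for h in extract_hosts(msg) if matches_watchlist(h))
    return ("hold", hits) if hits else ("deliver", [])
```

A "hold" result is where a delay or quarantine queue would be applied; the filter only sees the visible link host, so a link that redirects through an unlisted host is not caught by it.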