I am writing here because FortiMail, even with FortiSandbox Cloud, does not seem to be much good at detecting hyperlinks to phishing forms. Recently we have been receiving quite a lot of e-mails with links to public clouds, especially discordapp.com, googleapis.com, sendgrid, web.app etc. There is usually a fake logon form trying to get usernames/passwords.
Of course we teach our users, we submit samples to Fortinet and to storage providers, but this just does not help. I even wrote a dictionary profile which quarantines messages if they contain links to the well-known hosts above. Fortinet should just get better at identifying these and I hope it will soon.
In the meantime, I was wondering - if we had an option to deliberately delay e-mails which contain such links, it may help greatly. If we give more time to cloud providers to shut down these URLs or simply give more time to antivirus/antispam/sandbox engines to update, we may get better results.
Any help or ideas appreciated.