Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Muri
New Contributor III

FortiMail - "Your password expires today" SCAM

Hello,

 

I will need an Idea how to manage or avoid of receiving e-mail messages like this?

Maybe with dictionary?

I tryed a bit with dictionary but it doesn't work as I expected, so I'm asking for help.

 

2024-05-08_14h22_32.png

6 REPLIES 6
dbu
Staff
Staff

Hi Muri, 

May be you are looking to create a banned word options in the AntiSpam profile. 

Have a look at this article as it might help. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Muri
New Contributor III

Yes, this is an option but not an optimal option, because some of those words can still appear in legite e-mail messages and then is not ok, to get such mail quarantined :)

Cajuntank
Contributor II

Just adding to this from a "manage these emails" perspective as sometimes, they are just unavoidable... if those kinds of emails make it through the Access Control and IP Policy (I mentioned Geo blocking in another post you made) to the Recipient Policy and still don't get mitigated via the AntiSpam or AntiVirus, the email will likely show up in your end users mailbox. With URL Click protection configured/enabled via the Content profile, you will at least have had the URL rewritten and scanned via FortiGuard and maybe FortiSandbox (if licensed) to help protect your end users even if they do end up clicking on the URL (if it has not been removed by URL Click protection due to triggering certain categories you defined).

AEK
SuperUser
SuperUser

Hi Muri

I think FortiGuard filter would have blocked such e-mail.

Under FortiGuard section, enable IP Reputation, and enable primary URL filter and set it to the "default" URL profile.

AEK
AEK
Muri
New Contributor III

Hello,

There was a problem, that the base URL was not malicious and after click on URL there was a redirect in behind which then opened a malicious site on the end.

So therefore FortiGuard didn't recognize this URL as vulnerable.

AEK

In this case I agree with @Cajuntank , this can be protected by click protection feature.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors