Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Muri
New Contributor II

Created on ‎05-08-2024 05:26 AM

FortiMail - "Your password expires today" SCAM

Hello,

 

I will need an Idea how to manage or avoid of receiving e-mail messages like this?

Maybe with dictionary?

I tryed a bit with dictionary but it doesn't work as I expected, so I'm asking for help.

 

2024-05-08_14h22_32.png

Labels:
322
0 Kudos
6 REPLIES 6
dbu
Staff
Staff

Created on ‎05-08-2024 08:06 AM

Hi Muri, 

May be you are looking to create a banned word options in the AntiSpam profile. 

Have a look at this article as it might help. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
271
0 Kudos
Muri
New Contributor II
In response to dbu

Created on ‎05-09-2024 12:41 AM

Yes, this is an option but not an optimal option, because some of those words can still appear in legite e-mail messages and then is not ok, to get such mail quarantined :)

200
0 Kudos
Cajuntank
Contributor II

Created on ‎05-08-2024 08:30 AM

Just adding to this from a "manage these emails" perspective as sometimes, they are just unavoidable... if those kinds of emails make it through the Access Control and IP Policy (I mentioned Geo blocking in another post you made) to the Recipient Policy and still don't get mitigated via the AntiSpam or AntiVirus, the email will likely show up in your end users mailbox. With URL Click protection configured/enabled via the Content profile, you will at least have had the URL rewritten and scanned via FortiGuard and maybe FortiSandbox (if licensed) to help protect your end users even if they do end up clicking on the URL (if it has not been removed by URL Click protection due to triggering certain categories you defined).

263
AEK
SuperUser
SuperUser

Created on ‎05-08-2024 08:58 AM

Hi Muri

I think FortiGuard filter would have blocked such e-mail.

Under FortiGuard section, enable IP Reputation, and enable primary URL filter and set it to the "default" URL profile.

AEK
AEK
258
0 Kudos
Muri
New Contributor II
In response to AEK

Created on ‎05-09-2024 12:40 AM

Hello,

There was a problem, that the base URL was not malicious and after click on URL there was a redirect in behind which then opened a malicious site on the end.

So therefore FortiGuard didn't recognize this URL as vulnerable.

201
0 Kudos
AEK
SuperUser
SuperUser
In response to Muri

Created on ‎05-09-2024 12:47 AM

In this case I agree with @Cajuntank , this can be protected by click protection feature.

AEK
AEK
198
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.