Phishing detection and education

Phishing involves an attempt to obtain personal information like passwords or credit card numbers via email while pretending to be a trusted entity. For example, an email message that purports to be from a known financial institution or popular web site may actually be an attempt to steal personal information.

The phishing detection and education function provides cloud-based analysis of an inbound message for phishing email characteristics. To use the phishing detection and education feature, your subscription must include the Forcepoint Email Security Hybrid Module. It is necessary to successfully register with the email hybrid service before you configure phishing detection and education capabilities. See Email hybrid service configuration.

Functionality requires rules to be defined that determine which sender domains are analyzed and how a suspected phishing email is handled. Suspect email may be treated the same as spam (blocked and saved to a spam queue) or be replaced by a message that educates the recipient about phishing attack email.

Dashboard charts and presentation reports can be configured to display suspected phishing attack data.

The page Settings > Inbound/Outbound > Phishing Detection includes the following tabs for configuring phishing detection:

  • Phishing Rules, which contains a list of all your phishing rules. A default rule applies to domains that are not included in any other defined rule. See Adding a phishing detection rule

    The default rule cannot be deleted. Delete any other phishing rule from the list by marking its associated check box and clicking Delete, then clicking Save to Cloud Service.

    .
  • Phishing Education Pages, which contains a list of all the education pages you have defined. A default page applies when a custom page is not specified for a phishing rule. See Creating a phishing education page.

    Delete any phishing education page (except the default page) from the list by marking its associated check box and clicking Delete. You may not delete a page that is being used by a phishing rule.

    Click Save to Cloud Service only if you receive an error message regarding a synchronization issue with the cloud service.