Anti-Phishing mail protection

Phishing is an attempt to obtain sensitive information such as usernames, passwords, bank account or credit card details and PIN numbers via email or web pages disguised as a trustworthy entity. This activity is usually done for malicious reasons. It is a form of social engineering (manipulation of users in order to obtain confidential information).

ESET Mail Security includes anti-phishing protection which prevents users from accessing web pages known for phishing. In case of email messages that may contain links which lead to phishing web pages, ESET Mail Security uses sophisticated parser that searches message body and subject of incoming email messages to identify such links (URL's). The links are compared against phishing database. If the result of evaluation is positive, email is considered to be a phishing message and ESET Mail Security deals with it according to Action to take on phishing message setting for each protection layer (Mail transport protection, Mailbox database protection and On-demand database scan).

Supported email body format standards:

Plain text

HTML

TNEF

Phishing messages might contain HTML entities exlink to obfuscate anti-phishing engine. The anti-phishing protection also parses and translates symbols of HTML entities to find and correctly evaluate obfuscated URL's.

A single character can be represented in different forms. For example, a period can be represented in the following forms:

How links usually appear in the email message to the user

Value

Obfuscated links contained in the message body

Type

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

character

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity name

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity hexadecimal number

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity decimal number

To see the activity of Anti-phishing mail protection, check Log files > Mail server protection log. It will contains information about email messages and their phishing links that were found.

Report a phishing site

Click Report exlink enables you to report a phishing or otherwise malicious web site to ESET for analysis.