ESET Online Help

Search English
Select the topic

Anti-phishing protection

Phishing is an attempt to obtain sensitive information such as usernames, passwords, bank account or credit card details via email or web pages disguised as a trustworthy entity. This activity is usually done for malicious reasons. It is a form of social engineering (manipulating users to obtain confidential information).

ESET Mail Security includes anti-phishing protection which prevents users from accessing web pages known for phishing. In the case of email messages that may contain links that lead to phishing web pages, ESET Mail Security uses a sophisticated parser that searches the incoming email message's subject and body to identify dangerous links (URLs).

The links are compared against a phishing database. If the evaluation result of evaluation, the email is considered a phishing message and ESET Mail Security manages it according to Action to take on phishing message setting for each protection layer (Mail transport protection, Mailbox database protection and On-demand mailbox database scan). Rule actions are also executed.

Supported email format standards:

Plain text

HTML-only

MIME

Multipart MIME (an email that includes both HTML and plain text)

ESET Mail Security can detect URLs containing homoglyphs encoded in Punycode. Meaning that an email with a forged URL resembling a well-known bank, insurance company, or retailer has some letters swapped for similar-looking letters from a different alphabet, trying to trick the user into thinking it is legitimate. Such email is marked as phishing.

Supported HTML entities:

Phishing messages might contain HTML entities to obfuscate the anti-phishing engine. The anti-phishing protection also parses and translates HTML symbols to find and correctly evaluate obfuscated URLs.

A single character can be represented in different forms. For example, a period can be represented in the following forms:

How links usually appear in the email message to the user

Value

Obfuscated links contained in the message body

Type

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

character

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity name

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity hexadecimal number

http://www.example-phishing-domain.com/Fraud

.

http://www.example-phishing-domain.com/Fraud

entity decimal number

To see the anti-phishing mail protection activity, check the Log files > Mail server protection log. The log contains information about emails and their phishing links.

Report a phishing site

You can click Report a phishing site to notify ESET of a phishing or malicious website.