Phishing mail disposal
2022-07-29 06:35:00 【Zhongyun era - defense testable - Xiaoyu】
Discovering phishing emails
Phishing emails are discovered in the following ways: abnormal-login alerts from the mail system, employee reports, abnormal-behavior alerts, and mail honeypot alerts.
It is recommended to integrate the intelligence data of Weibo or Qianxin. Scanning the URLs that appear in email content will turn up many abnormal links.
Phishing mail disposal check items - FreeBuf Network security industry portal
Management
Block access from the office area to the sites and URLs involved in the phishing email content
Depending on the actual office environment, the block can be applied on the internet behavior management device, the router, or the switch
Domain names and IPs that appear in the email content should be blocked
Record the intranet IPs that visited the phishing website, so that possible consequences can be traced in the subsequent investigation
Block phishing emails
Block the source email domain of the phishing emails
Block the source IP of the phishing emails
If possible, also block based on the email content
On the mail server, delete phishing messages that clients have not yet received
Users who received phishing emails
Backtrack through the logs by the sender of the phishing email
In addition to checking how many people received the phishing email, we also need to check whether the company's address book has leaked. Sending phishing emails to addresses guessed from the TOP500 surnames is a relatively simple attack method as far as subsequent protection is concerned. If the recipients follow the company's address book sequence, determine when the address book leaked by comparing it against employees who have resigned and employees who have newly joined. After all, a targeted social-engineering database is far more powerful than TOP100 or TOP500 lists.
Notify users who have received phishing emails to take action
Delete the phishing messages
System encryption
Run a full antivirus scan
Follow-up: trace the source, and train staff to raise security awareness
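
The log backtracking and address-book leak check described above can be scripted. The following is an added example, not code from the original article: the log format, the addresses and the directory dates are constructed, and the function names are hypothetical. It lists who was targeted by the phishing sender, how many targets exist in the address book, and the time window in which a leaked copy of the address book must have been taken, based on who had joined and who had left.

```python
import re
from datetime import date

# Constructed mail-log lines (hypothetical format and addresses).
LOG = """\
2022-07-28T09:01:12 from=<hr@phish.example> to=<zhang.wei@corp.example> status=delivered
2022-07-28T09:01:13 from=<hr@phish.example> to=<li.na@corp.example> status=delivered
2022-07-28T09:01:13 from=<hr@phish.example> to=<wang.fang@corp.example> status=bounced
2022-07-28T09:01:14 from=<it@corp.example> to=<chen.jie@corp.example> status=delivered
2022-07-28T09:01:15 from=<hr@phish.example> to=<liu.yang@corp.example> status=delivered
"""

# Constructed address book: address -> (join date, leave date or None).
DIRECTORY = {
    "zhang.wei@corp.example": (date(2019, 3, 1), None),
    "li.na@corp.example": (date(2021, 11, 15), None),
    "wang.fang@corp.example": (date(2018, 6, 1), date(2022, 2, 28)),
    "liu.yang@corp.example": (date(2020, 1, 10), None),
    "chen.jie@corp.example": (date(2022, 5, 9), None),
}

LINE = re.compile(r"from=<(?P<src>[^>]+)> to=<(?P<dst>[^>]+)> status=(?P<st>\w+)")

def backtrack(log, sender_domain):
    """Return (all targeted addresses, addresses that actually received the mail)."""
    targeted, delivered = set(), set()
    for m in LINE.finditer(log):
        if m["src"].lower().endswith("@" + sender_domain):
            targeted.add(m["dst"].lower())
            if m["st"] == "delivered":
                delivered.add(m["dst"].lower())
    return targeted, delivered

def leak_assessment(targeted, directory):
    """Hit ratio against the address book, and the window in which a leaked copy was taken."""
    known = targeted & directory.keys()
    ratio = len(known) / len(targeted) if targeted else 0.0
    if not known:
        return ratio, None
    earliest = max(directory[a][0] for a in known)  # newest targeted hire was already listed
    bounds = [directory[a][1] for a in known if directory[a][1]]  # targeted leaver still listed
    bounds += [j for a, (j, _) in directory.items() if a not in targeted and j > earliest]
    return ratio, (earliest, min(bounds) if bounds else None)
```

A hit ratio close to 1.0 that includes departed staff points to a leaked address book rather than surname guessing; the delivered set is the list of users to notify.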