Granular Workflow Configuration for Potential Partner Impersonation Attacks
Administrators can trigger a specific workflow when the sender domain closely resembles a domain of a partner.
With the release of the new Partner Risk Assessment dashboard, customers get a comprehensive list of their partners, focused on those that are potentially compromised.
Apart from preventing attacks from compromised partners, the list of partners is now also used as a baseline for phishing detections.
When an email comes in from a new sender in a domain that was recently registered, and the domain closely resembles the domain of one of your partners, the Anti-Phishing engine will consider it as a potential phishing indicator.
Furthermore, administrators can now trigger the Phishing or Suspected Phishing workflow in this scenario.
To do that, open Config > Security Engines > Anti-Phishing -> Configure and select one of the options under When the sender domain resembles the domain of a partner
Note – this feature is being deployed gradually. You should see it in your portal by July 28th.