Configuring High Profile Domains

In addition to high profile users, Cloud App Security allows you to specify high-profile external domains, such as your partners’ domains or the domains of famous brands, which are likely to be forged into cousin domains for spam, phishing, and BEC attacks such as vendor fraud.

A cousin domain (or look-alike domain) is a domain that looks deceptively similar to a legitimate target domain that is well-known or familiar to users. Cousin domains are often used in phishing attacks to steal sensitive or confidential information from users. Cousin domains are usually created by replacing one or more characters (for example, replacing the letter "l" with the number "1") or by adding or removing a character in the domain name. Without careful inspection of the email addresses, users may not notice the trick and may believe that an email message was sent from the legitimate domain being imitated.

By leveraging the Trend Micro Antispam Engine, Cloud App Security scans the domains in email messages (the From and Reply-To headers) based on the settings you configure, detects cousin domains of these high-profile domains, and protects users from spam, phishing, and BEC messages.

Note:

High Profile Domains apply to Exchange Online and Gmail only.

  1. Go to Administration > Global Settings > High Profile Domains.

    The High Profile Domains screen appears.

  2. Add one or more legitimate sender domains.
    1. Type a domain name, for example, domain.com.

      Wildcard characters and regular expressions are not supported.

    2. Click Add.
      • You can add up to 100 domains.

      • To delete a domain, select the entry and click Delete.

  3. (Optional) Specify one or more domains that Cloud App Security excludes from being recognized as cousin domains during scanning.

    Type a domain name and click Add.

    You can add up to 1,000 domains.

  4. Select a detection threshold.
    • Aggressive: This option provides the largest number of detections based on fuzzy matches. This is the most rigorous level of spam, phishing, and BEC detection.

    • Normal: This is the default and recommended setting. This option provides a moderate number of detections.

    • Conservative: This option provides the most accurate detections based on near-exact matches.

  5. Click Save.
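
To show how the three lists and the threshold interact, the following Python example is added here; it is not Trend Micro code and does not reproduce the Antispam Engine's matching logic. It assumes edit distance plus a small character-substitution map as the fuzzy match, and the domain names, distance limits per threshold, and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed settings mirroring the screen's lists and levels (all values are assumptions).
HIGH_PROFILE = {"example-partner.com"}
EXCLUDED = {"example-partners.com"}  # legitimate look-alike that must not be flagged
MAX_DISTANCE = {"conservative": 1, "normal": 2, "aggressive": 3}
# Tiny illustrative substitution map; real confusable tables are far larger.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def cousin_of(domain, level="normal"):
    """Return the high-profile domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in HIGH_PROFILE or domain in EXCLUDED:
        return None  # the real domain and excluded domains are never cousins
    folded = domain.translate(HOMOGLYPHS)
    for target in HIGH_PROFILE:
        if folded == target.translate(HOMOGLYPHS):  # pure character substitution
            return target
        if edit_distance(domain, target) <= MAX_DISTANCE[level]:
            return target
    return None

def scan_message(raw, level="normal"):
    """Check From and Reply-To sender domains; return {header: (domain, target)}."""
    msg = message_from_string(raw)
    hits = {}
    for header in ("From", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue
            domain = addr.rpartition("@")[2]
            target = cousin_of(domain, level)
            if target:
                hits[header] = (domain, target)
    return hits

# Constructed sample message: substitution in From, dropped letter in Reply-To.
SAMPLE = ("From: Accounts <billing@examp1e-partner.com>\n"
          "Reply-To: pay@example-partnr.com\n"
          "Subject: Updated bank details\n\nPlease pay invoice 17.\n")
```

With a fixed distance limit, short high-profile domains produce more false positives at the looser levels, which is the case the exclusion list in step 3 addresses.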