Phishing Detection

Enabling anti-spam in the email security gateway profile also enables phishing violation detection.

  • Anti-spam and phishing violations are recorded as separate events.

    Note: Local scan does not support separate phishing detection. If local scan is enabled, phishing is recorded as spam. Separate phishing detection in attachments is also not supported. The Summary Report does not separate phishing violations from anti-spam violations.
  • Phishing events will be displayed separately in the Top Threat Detection widget, the Internet Security logs, and the raw logs.

  • Two new reports are available for phishing event detections: Top N Users Detected by Anti-Phishing and Top N Groups Detected by Anti-Phishing

  • Phishing can be detected at all sensitivity levels.

  • Phishing has a higher priority than spam. If an email scan detects both spam and phishing violations, the detection is recorded as a phishing violation.

  • Approved Senders / Blocked Senders configuration acts on phishing emails as if they were acting on spam. Emails will not be scanned for phishing when the sender is in Approved Senders list. The email will be blocked if the sender is in Blocked Senders list.