Helping to prevent future phishing attacks

[r3zon8]

we recently had a compromised account that was being used to send out spam. shortly after, that account was used to send phishing emails to other local users on our domain therefore allowing the attacker to gather even more valid credentials of good accounts.

the phishing attacked asked the users to verify account information by following a link and entering their credentials. in the body of the message the URL appeared as a known/good URL: http://mail.mydomain.com , but the actual link the users were taken to was something much different.

is it possible to assign a spam score to messages that are found to have these misleading links in the body so that they are tagged as spam and not delivered? and/or how to best prevent these attacks?

[phoenix]

Quote:

Originally Posted by r3zon8

we recently had a compromised account that was being used to send out spam. shortly after, that account was used to send phishing emails to other local users on our domain therefore allowing the attacker to gather even more valid credentials of good accounts.

You need to implement Strong Password policy, you can do that in the Admin UI.

Quote:

Originally Posted by r3zon8

the phishing attacked asked the users to verify account information by following a link and entering their credentials. in the body of the message the URL appeared as a known/good URL: http://mail.mydomain.com , but the actual link the users were taken to was something much different.

You're never going to stop 100% of this type of email, this is essentially a user education problem.

Quote:

Originally Posted by r3zon8

is it possible to assign a spam score to messages that are found to have these misleading links in the body so that they are tagged as spam and not delivered? and/or how to best prevent these attacks?

How can you determine these links are misleading? Use RBLs and some of the checks that are already in the anti-spam system, check the wiki for details of what can be done.