The Following article provides a Overview of the Features of the Targeted Forensic Fraud Filter feature of the Advanced Threat Protection (ATP) Service. Please read it carefully.
The service is responsible for identifying and preventing spear phishing attacks that target mainly departments or single persons in the company having the authority to release any possible bank transfers. The mechanism is only intended to cover a few decision-makers within the company. There will be no global check on the domain.
The filter will use a multitude of different heuristics and mechanism to identify such emails:
- Intention Recognition System: Checks the email for any content patterns (e.g. requests for bank transferral, requesting sensitive information, etc.)
- Fraud Attempt Analysis: Checks the integrity and authenticity of meta data and mail content
- Identity Spoofing Recognition: Identifies and blocks faked senders
- Spy-Out Detection: Checks if any sensitive information is requested (e.g. passwords)
- Feign Facts Identification: Checks the email for any attempts to gain information by feign facts
- Targeted Attack Detection: Detects aimed attacks towards a specific person
- You must enable ATP before attempting to initiate the Targeted Forensic Fraud Filter.
This can be done at any time through the Control Panel. To do so, you will only have to enable the service under "Management > E-Mail > ATP"
- Basic SPF Checking must be enabled. Please see our article on SPF Checking for instructions on how to create an SPF record and how to enable SPF Checking Type 1 (basic) or Type 2 (advanced).
The Target Fraud Forensic Filter as well as the URL Rewriting will need to be enabled through our customer support. Enabling the ATP filter through the Control Panel alone will not be sufficient.
Please email email@example.com asking for the Forensic Fraud filter to be enabled with the Following information.
- A list of email addresses, including First Name, Last Name and associated alias email addresses for each.
- If SPF checking is not already enabled
- Confirmation that an SPF record is in place
- the Type of SPF checking to enable
If you do not specify this last item it will be assumed to be Type 1 and enabled for you.
If you haven’t done so yet, you can sign up for a free ATP trial on our website Here.