Phishing & Malware Control - Zoho Mail

The Phishing and Malware section in the Admin Console provides multiple options to control spoofing or other fraudulent activity with respect to your organization's emails. You can decide on the actions that need to be taken on certain look-alike domains that send emails to your organization, ensure that the display names of important people in your organization are not spoofed, and further set up a spam check on emails with certain types of content or HTML tags.

Cousin Domains:

Cousin Domains are domain names that are very similar to any other valid domain name. If you expect a domain to send genuine emails, but want to mark an email from any other variations of the domain name as spam, you can add it in this section.

For example, if 'zylker.com' sends genuine emails, but emails from 'zylker1.com' need to be processed for spam, you can add zylker.com here.

  1. Log in to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Phishing & Malware.
  3. Select the Cousin Domains option.
  4. In the Email Delivery Action dropdown, select the actions for emails that have look-alike domain names.
    1. If you select None, no action will be taken.
    2. If you select Move to spam, the email will be moved to the spam folder of the email recipient.
    3. If you select Move to quarantine, the email will be moved to the quarantine list, from where the admin will have to process it further.
  5. You can also choose to Include Internal Domains, which means that all of your organization's domains will undergo the cousin domains check by default. So, any domain name that is similar to yours will undergo the specified action.
  6. Now, click Add, enter the domain names for which cousin domain check has to be done, and click Add Domain.
  7. You can also choose to include the domain names by clicking Import and selecting a CSV file that has all the domain names.
  8. In the Email Delivery section, select the action for emails that have similar domain names.
  9. In the Domain List, enter the names of domains for which the cousin domain check has to be done.

The Cousin Domains feature is especially useful in cases where an email sender might try to trick recipients with a domain name that closely resembles a valid one. For example, you might expect the domain webhosting.com to send valid emails to your org users. So, when an email arrives from user@vvebhosting.com, your org members might consider it legitimate, but the email sender has tricked the recipient by replacing the 'w' in webhosting.com with 'vv'. In cases like these, the Cousin Domains feature comes into play.
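To see why both 'zylker1.com' and 'vvebhosting.com' count as cousins, here is an added example of one way a look-alike check can work. It is not Zoho Mail's implementation: the substitution table, the distance threshold of 1, the function names and the "deliver" label are assumptions made for illustration.

```python
import unicodedata

# Constructed look-alike substitutions (assumption; not Zoho's list).
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Fold a domain so that visually similar spellings collapse together."""
    s = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def cousin_of(sender_domain, protected, max_distance=1):
    """Return the protected domain that sender_domain imitates, else None."""
    sender = sender_domain.lower().rstrip(".")
    if sender in protected:
        return None  # exact match: this is the genuine domain
    for good in protected:
        if skeleton(sender) == skeleton(good):
            return good  # look-alike swap such as 'vv' for 'w'
        if edit_distance(sender, good) <= max_distance:
            return good  # one-character variation such as an added digit
    return None


def delivery_action(from_address, protected, action="quarantine"):
    """Apply the configured action (none / spam / quarantine) to cousins only."""
    domain = from_address.rsplit("@", 1)[-1]
    return action if cousin_of(domain, protected) else "deliver"


PROTECTED = ["zylker.com", "webhosting.com"]  # domains from the page's examples
if __name__ == "__main__":
    for addr in ("user@zylker.com", "user@zylker1.com", "user@vvebhosting.com"):
        print(addr, "->", delivery_action(addr, PROTECTED))
```
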

Display Name Fraud:

You can control the fraudulent usage of display names by setting up the respective conditions for emails that violate your customization. You can set up a display name and associate one or more email addresses with this display name in the Zoho Mail Control Panel. For example, for the email address ceo@mydomain.com, you can ensure that if an email with the display name 'CEO' arrives from any other email address, the action defined by you is taken on this email.

Follow the below steps to add a policy to prevent display name fraud:

  1. Log in to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Phishing & Malware.
  3. Select the Display Name Spoofing option.
  4. In the Email Delivery Action section, select the action for emails that have spoofed display names.
    1. If you select None, no action will be taken.
    2. If you select Move to spam, the email will be moved to the spam folder of the email recipient.
    3. If you select Move to quarantine, the email will be moved to the quarantine list, from where the admin will have to process it further.
  5. Now, click Add>>Add using email addresses.
  6. Enter the display name, and the email addresses that can be associated with this name, and click Add Users.

You will be able to see a list of the Display Names and the respective Email Addresses that you have added in the list.

For users with alias email addresses, you can quickly add the user's primary email address along with their alias addresses without having to manually enter each email address.

  1. Click Add>>Search and add organization users. A list of your organization users along with a text box to enter the display name appears as a pop-up window.
  2. Search for the user you wish to add. If you wish to provide a different display name for the user, you can enter it in the Display name text box. Else, you can leave that box empty.
  3. Click Add. A window pops up listing the user along with their alias email addresses if any. It will ask for confirmation whether you wish to associate the user's primary email address and their alias email addresses along with their display name. If the user has no alias email address, it will ask for confirmation only to associate the user's primary email address with their display name.
  4. Click Add with Aliases if you want to add the user's alias email address along with their primary email address.
  5. Click Add if you want to associate only the user's primary email address with their display name. 

You will be able to see the Display Name and the respective Email Addresses that you have added in the list.
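The display name policy above amounts to a lookup from a protected name to the addresses allowed to use it. The following added example (not Zoho Mail's code) evaluates a From header against such a list, including a display name hidden in an RFC 2047 encoded-word; the alias chief@mydomain.com and the function names are constructed for illustration.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed policy: protected display name -> addresses allowed to use it.
# ceo@mydomain.com is the page's example; the alias is made up.
POLICY = {"ceo": {"ceo@mydomain.com", "chief@mydomain.com"}}


def normalize_name(raw_name):
    """Decode encoded-words, fold case and collapse whitespace."""
    decoded = str(make_header(decode_header(raw_name)))
    return " ".join(decoded.casefold().split())


def is_display_name_spoof(from_header, policy=POLICY):
    """True when a protected display name arrives from an unlisted address."""
    raw_name, address = parseaddr(from_header)
    allowed = policy.get(normalize_name(raw_name))
    if allowed is None:
        return False  # display name is not on the protected list
    return address.lower() not in allowed


if __name__ == "__main__":
    samples = [  # constructed From headers
        "CEO <ceo@mydomain.com>",
        "ceo <Chief@MyDomain.com>",
        '"CEO" <someone@example.net>',
        "=?utf-8?q?CEO?= <someone@example.net>",
        "Rebecca <rebecca@zylker.com>",
    ]
    for header in samples:
        print(header, "->", "spoof" if is_display_name_spoof(header) else "ok")
```
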

Furthermore, to avoid display name spoofing, Zoho Mail will show the sender's display name only if the sender is in your contacts or if you have had a previous conversation with the sender. Otherwise, only the sender's email address will be shown. For example, suppose you get an email from rebecca@zylker.com, who has Rebecca as her display name. The display name Rebecca will be shown only if rebecca@zylker.com is already in your contacts or if you have had a previous conversation with her. Otherwise, only the email address rebecca@zylker.com will be shown to avoid display name spoofing.

Phishing Simulator

One of the most prevalent and insidious dangers faced by organizations worldwide is phishing attacks. Scammers often send phishing emails that contain links to fake websites or attachments. If interacted with, these could potentially compromise sensitive information or install malware on the recipient's device, posing a significant threat to the organization's security. 

To mitigate the risk of users falling for these phishing emails, organization administrators can send simulated emails mimicking the tactics used by real attackers to their users using Phishing Simulator. These simulated emails help administrators identify areas where their users may be vulnerable to phishing attacks and educate or train them to take proactive measures to strengthen the overall security posture of the organization. 

Note:

  • This feature is available only to organizations that have subscribed to one of our paid plans.
  • As of now, the Phishing Simulator feature is available only for users in specific regions. It will be enabled for other regions in a phased manner.

Steps to set up a phishing simulation for your organization users:

  1. Log in to Zoho Mail Admin Console and select Security & Compliance in the left pane.
  2. Select Phishing & Malware, and then select Phishing Simulator.
  3. Click the Add button to create subsequent phishing simulators, or click the Create new simulation button if you haven't created one before.
  4. Enter a Name and Description for your simulator, then click Proceed.
  5. In the Mail Template tab, click Create new template to generate a new template, or select one from our system templates provided. 
  6. You can also create one from your already existing templates listed under Organization templates.
  7. Hover over a template to do the following actions:
    • Send a test email
    • Preview template
    • Copy the HTML code
    • Delete template
  8. If you are creating a new template, enter a Sender Name, Email Address, and Subject for your simulated phishing email in the Customize Mail Template section.
  9. Click the placeholders that you would like to add to your email content to autofill the users' contact data.
  10. Select the checkbox to redirect your users to a system-generated landing page provided by Zoho Mail, and copy the Placeholder URL to add it to your email content.
  11. Draft the email content according to your preferences and add the placeholders.
  12. Once done, click Save template & Proceed.
  13. Select the preferred system-generated landing page, if selected in the previous step. If not chosen, you can still copy the HTML code of our landing page to include in your email.
  14. Once done, click Proceed.
  15. Select the users you would like to send these phishing emails to.
  16. Once you finish creating the emails, you can choose one of the following options:
    • Send me a test email : Sends a test email to your inbox.
    • Create new simulation : The phishing email will be created and sent to the chosen users.

Managing simulated emails & Statistics

In the Phishing Simulator section, administrators can view the list of simulations created for the organization's users and their statistical data. By clicking the View statistics button next to the simulation name, you can view a donut chart representation of the simulation statistics, such as opened emails, clicked links, replied emails, and emails marked as spam. 

Click on a simulation to view the following information:

  • General : This tab displays the general details of the simulation, such as the status of the simulation, phishing mail details, associated users, etc.
  • Statistics : In this tab, you can view the simulation statistics in card view format, along with the simulation participants list and their respective actions taken on the phishing email. Click the filter icon to filter the users based on certain conditions.

Malware Processing:

To ensure that emails your org members receive do not have any harmful scripts or tags, you can choose the content types or the HTML tags that you do not want to allow, and any emails containing them will be moved to the user's spam folder.

  1. Log in to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Phishing & Malware.
  3. Select the Malware Processing option.
  4. In the Content-based Spam Settings option, you can see 4 content types (web bugs, bulk emails, JavaScript, macros) listed.
  5. Select the types that you think might be harmful, and emails containing the content types selected will be moved to spam.
  6. Next, in the HTML Tags-based Spam Check option, 4 tags (frame, object, embed, form) will be listed.
  7. Select the tags that you think might be harmful, and emails containing these tags will be moved to spam.
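As an added illustration of what an HTML tag-based check looks for (this is not Zoho Mail's scanner), the sketch below walks the MIME parts of a message and reports which of the four listed tags appear in its HTML body. The sample message and the function names are constructed.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

BLOCKED_TAGS = {"frame", "object", "embed", "form"}  # the four tags listed above


class TagFinder(HTMLParser):
    """Collects blocked tag names; HTMLParser lowercases tag names for us."""

    def __init__(self, blocked):
        super().__init__()
        self.blocked, self.found = blocked, set()

    def handle_starttag(self, tag, attrs):
        if tag in self.blocked:
            self.found.add(tag)


def blocked_tags_in(raw_message, blocked=BLOCKED_TAGS):
    """Return the blocked tags present in any text/html part of the message."""
    msg = message_from_string(raw_message, policy=default)
    found = set()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # '<form>' typed in a plain-text part is not markup
        finder = TagFinder(blocked)
        finder.feed(part.get_content())
        finder.close()
        found |= finder.found
    return found


# Constructed sample message: a plain-text part and an HTML part with a form.
SAMPLE = """\
From: sender@example.net
To: user@zylker.com
Subject: Account notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

The literal text <form> here is not HTML.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Account notice</p>
<FORM method="post"><input name="u"></FORM></body></html>
--b1--
"""

if __name__ == "__main__":
    print(sorted(blocked_tags_in(SAMPLE)))
```
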

Note:

All the features in the Phishing & Malware section will be available only for paid account users.
