This Rule detects "whaling" attacks. A whaling attack, sometimes called a "whale phishing" attack, is a specific type of phishing attack that targets high-profile employees such as the CEO or CFO. The intention of the attack is to steal sensitive information from a company (since employees that hold high positions within the company tend to have access to sensitive data). In many such attacks, the attacker's goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.
This Rule will Quarantine any emails that are suspected of being whaling attacks.
You can activate executive tracking for specific Active Directory groups on the Group Management screen.
To set up this Rule:
- Visit your USS Dashboard and click Products ⟶ E-mail Security ⟶ Message Rules.
- Click to create a new Rule.
- Give the Rule a sensible name, like "Executive Tracking", and click .
- Add a Direction Condition, with the logic set to Matches: Inbound.
- Add an Executive Tracking Condition, with the value set to Matches: Exact.
- Do not add any Actions.
- Add a Quarantine - Company Final Action, with the value set to Spam.
- Make sure that the Active checkbox is enabled, so that your new Rule will start working immediately.
- Click .
- Drag the new Rule to a sensible position in your Message Rules window. If your Service Provider has set up your account with a set of default Rules, positioning this new Rule above the Deliver Inbound Rule is a good choice.
The completed Rule should look like this: