Hi, we have seen an increase in the number of Phishing related emails landing in Inboxes, being bypassed by the gateway and Sentinel. In all cases, the emails are coming through as a basic email with either a .eml or .msg attachment. This attachment then contains a further attachment (sometimes looking like a PDF/Invoice etc)
Clicking this takes to a Phishing web page (link protection also ignores it)
Content of the attachment is showing signs of a typical "Phish" eg -
"Good Day, Please find the attached payment slip for wire transfer remitted to your bank account.
Attached also the corresponding invoices.
My colleague is out of office on emergency leave and I am incharge of sales and payment now.
Please inform all when you receive payment. Also advise on shipment schedule for our previous order.
in a couple of cases, our Endpoint protection has picked up/blocked any forward clicks, but Barracuda is allowing them through
I've considered looking at managing .eml and .msg attachments via the content policies but have read that it can disrupt a LOT of genuine mail due to the methods other providers transmit mail
I'd be grateful if anyone has had any similar experiences and/or had success in blocking?