Granular Workflow Configuration for Potential Partner Impersonation Attacks

Administrators can trigger a specific workflow when the sender domain closely resembles a domain of a partner.

With the release of the new Partner Risk Assessment dashboard, customers get a comprehensive list of their partners, focused on those that are potentially compromised.

Apart from preventing attacks from compromised partners, the list of partners is now also used as a baseline for phishing detections.

When an email comes in from a new sender in a domain that was recently registered, and the domain closely resembles the domain of one of your partners, the SmartPhish engine will consider it as a potential phishing indicator.

Furthermore, administrators can now trigger the Phishing or Suspected Phishing workflow in this scenario.

To do that, open Configuration > Security Engines > SmartPhish -> Configure and select one of the options under When the sender domain resembles the domain of a partner

Note – this feature is being deployed gradually. You should see it in your portal by July 28^th.