Phishing Rules
The following rules can be used to detect phishing activity in your organization.
Detect Use of Internationalized Domain Names in HTTP and DNS
Rule | Flow_IDN.lrl |
Description | This rule scans HTTP and DNS traffic for internationalized domain names (IDNs), which can contain UTF-16 encoded characters that look like normal letters. These lookalike characters make it difficult to notice visually that a domain name is not the intended domain. |
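The kind of check this rule describes, sketched in Python as an added example (it is not the contents of Flow_IDN.lrl). It assumes IDN labels reach the sensor either as Punycode `xn--` labels or as raw non-ASCII text; the function names and sample hostnames are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Coarse script name from the Unicode character name (LATIN, CYRILLIC, ...)."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens are script-neutral
    try:
        return unicodedata.name(ch).split(" ")[0]
    except ValueError:
        return "UNKNOWN"  # unnamed code point

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (Punycode) labels."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed label: keep raw text, still reported as IDN
    return label

def inspect_host(host):
    """Classify a name taken from an HTTP Host header or a DNS query."""
    name = host.strip().partition(":")[0].rstrip(".").lower()  # drop port, root dot
    findings = []
    for label in name.split("."):
        if not (label.startswith("xn--") or not label.isascii()):
            continue  # plain ASCII label, nothing to report
        decoded = decode_label(label)
        scripts = sorted({s for s in map(script_of, decoded) if s})
        findings.append({
            "label": label,
            "unicode": decoded,
            "scripts": scripts,
            # one label mixing scripts is the classic lookalike pattern
            "mixed_script": len(scripts) > 1,
        })
    return {"host": name, "idn": bool(findings), "labels": findings}

# Constructed sample names, not taken from real traffic.
SAMPLE_HOSTS = ["www.example.com", "xn--mnchen-3ya.example", "\u0430pple.example:443"]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(inspect_host(h))
```

Flagging every IDN is noisy in organizations that legitimately use non-ASCII domains; the `mixed_script` field gives a narrower signal to alert on.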
Detect Potential Phishing
Rule | Flow_SMTPDomainMismatch.lrl |
Description | This rule detects email phishing attempts by matching the sender email, the email domain, and the reply-to domain. |