Robert Perez-Corona

asked on

How to block emails with links to download specific attachments in Google Apps

Hello, I had an issue where my Google Apps domain accounts are being spoofed and an "internal" user sends an email to the rest with a malicious attachment (.ace). I blocked the specific attachment type using an attachment filter.


I believe I am not blocking .zips because a few of the executives receive .zips from clients, and since I blocked the .ace attachments we are now receiving emails with links to download a .zip. Even our clients are receiving them, which is embarrassing.

If we implement blocking .zip (compressed) files, would this filter out this type of email? Or not, because it's actually a link to download a zip not an actual attachment? What can I do to fix this?

Many thanks in advance.
SOLUTION
McKnife

Advise your customers of what is going on and advise them to be wary and to check for attachments so that they originate from your company and not from data.hu or others. You might want to bring in the local authorities for this.

ASKER

Thank you both for the great feedback.

So even if I blocked .zip files from Google Apps, I am still vulnerable to these types of messages I inquire about since they aren't "attachments" per se.

With respect to the app whitelisting, by this do you mean implementing a solution from within the Windows infrastructure (GPO, or other features) or within Google Apps itself?

Cheers

T
ASKER CERTIFIED SOLUTION
Thanks for clarifying.

So let's say I blocked all .zips. Is there a way I can allow them for specific users? Or I assume no and it will require (as you previously mentioned) manually removing them from quarantine?

Lastly, I am still not clear if the type of "attachment" I am receiving will be blocked if I enable block zips, seeing that it's not clearly a zip attachment. It's some sort of link disguised as a pdf file which points to download a zip file.

T
This can only be answered if you told me what mail client and mail gateway you use. In Outlook, we can do the following to block .zip: https://support.microsoft.com/en-us/kb/837388 (please note that this article holds methods for OL2000-2010, but they will apply to 2013 and 2016 as well; you will need to use
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security for 2013 and
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security for 2016).
Indeed we use Outlook 2010. We use Google Apps Sync. I believe our mail gateway is their own.

I would think the easy fix here is to block .zips. But I am afraid, as you said:

"attachments that try to download malware are not stopped"
...as the one we are receiving?
I may be confusing the link to a zip with an actual attachment zip file. Are they treated the same by the filters?
No, attachment handling is not connected to link handling. One is simply attachment type blocking, the other is content analysis (surely, you would not want every mail with links in it stopped).
"attachments that try to download malware are not stopped" needs to be understood like this:
1. Executables are always blocked.
2. Zip files are never blocked by default; they could of course hold executables.
3. Documents that have macros in them will sometimes try to download malware - these attachment types (like .dotm files, for example) are often not stopped by mail clients. Application whitelisting will not stop the macro execution, but it will stop the execution of downloaded malware that came in through the means of the macro.

What I am trying to say really just is, you can feel quite safe with application whitelisting. No other measure can ensure your safety better.
Always showing extensions helps. The default is to hide extensions for known file types. Basically one must treat all attachments as potentially harmful. There is no way of allowing some and keeping yourself totally safe.
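
The distinction drawn in the replies above, between attachment type blocking and content analysis of links, shown as an added example that is not part of the original thread. The message, addresses, URL and blocked-extension policy are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_EXTS = {".ace", ".zip"}  # assumed policy for this example

# Constructed sample: no attachment at all, only a link labelled as a PDF.
SAMPLE = """\
From: colleague@example.com
To: staff@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://files.example.net/get/invoice.zip">invoice.pdf</a></body></html>
"""

class _Links(HTMLParser):
    """Collects href targets of <a> tags; the visible label is ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _ext(name):
    m = re.search(r"\.[A-Za-z0-9]+$", name or "")
    return m.group(0).lower() if m else ""

def blocked_attachments(msg, exts=BLOCKED_EXTS):
    """What an attachment-type filter sees: filenames of MIME parts."""
    return [p.get_filename() for p in msg.walk() if _ext(p.get_filename()) in exts]

def blocked_links(msg, exts=BLOCKED_EXTS):
    """What content analysis sees: link targets inside the HTML body."""
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = _Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            found += [h for h in parser.hrefs if _ext(urlparse(h).path) in exts]
    return found

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print("attachment filter hits:", blocked_attachments(msg))
    print("link analysis hits:   ", blocked_links(msg))
```

The extension check on the URL path is a narrow heuristic: a link that redirects, or whose path carries no file extension, needs URL reputation or download-time inspection instead.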