Solved

Will WSA protect from phishing emails?

  • 24 June 2013
  • 6 replies
  • 89 views

Userlevel 7
Hi,
 
I get a lot of phishing emails in my spam filter in one of my web based email addresses(yeah I was anything but careful at the beginning of using the internet). And most of those are very obvious and common very often warned about in forums, tech news sites, etc. That clicking on the links would get me in trouble.
 
I was wondering if WSA would protect me from the phishing scams. That is even if I click on the links would WSA protect me? I know Web filter blocks websites with malware. But will it block the phishing sites, scams etc?
 
Best Wishes,
Amit
icon

Best answer by RetiredTripleHelix 24 June 2013, 16:40

View original

6 replies

Userlevel 5
Based on what I have read (please correct me if I am wrong) but WSA identity shield will alert you if your browser attempts to access a malicious site. In other words if you were to click on the link it will determine if the site is malicious or not and alert you.
Userlevel 7
Badge +56
WSA is much different as I use Outlook 2010 and WSA does not waste time scanning emails but if you click on the phish email link and it's a known bad site it will be blocked and if it downloads lets say an Exploit then that's when WSA will jump in some that I get have a Zipped Attachment so the best thing to do is delete them! Most times I save the attachment and scan it with WSA to see if it's detected or not and if it is WSA will remove it if not I send the part of the scan log that shows the MD5 line of the file to support to add detection and lets say you save or just run the file it will be block if known and if not that's when the Monitoring & Journaling starts and when it is determined bad it will remove the infection and Rollback to the pre-infection state same goes for Web Mail don't click on links of phish emails so that is where it comes down to you to be smart and I identify phishing emails and delete them or find out how to report them to the real organization then you can forward it to them.
 
I don't recommend anyone to save or click on unknown Links or Attachments in Phishing emails unless you know how to handle them it's best to report or just delete them!
 
HTH,
 
Daniel
 
Userlevel 7
Badge +56
Funny thing just happened I got 2 Phish Spam emails with Attachments and I saved them and tried to open and WinZip says the files are corrupt or invalided archive so I get many of those too. Also look at all the other email addresses as I removed mine. ;)
 
But I again don't recommend anyone to do this and just report or delete them.
 
Daniel
 
[-] c:usersdanieldownloadsinv_#06546442538_06212013.zip [MD5: D838D4ECD82822F635CA02F1F4A0C2D5] [Flags: 00000000.0]
[-] c:usersdanieldownloadssecuremessage_d192h3c7yd22vyd.zip [MD5: EDC5F2561ABCF7D3C0DA8DEB15A42A5D] [Flags: 00000000.0]
 


 


 

Userlevel 7
Thats the infection that is doing the rounds. Its a pain as some of the phising emails look quite good if you dont know what to look for you can get caught out. Generally speaking unless you have ordered something you shouldnt be opening emails from a delivery company! Even then you should NEVER open a email that has a .exe attachement!
 
Payroll_.exe
Invoice_.exe
DHS_Parcel_notice.exe
Fed_ex-notice.exe
Userlevel 7
Badge +56
@Rakishness wrote:
That's the infection that is doing the rounds. Its a pain as some of the phasing emails look quite good if you don't know what to look for you can get caught out. Generally speaking unless you have ordered something you shouldn't be opening emails from a delivery company! Even then you should NEVER open a email that has a Exe attachment!
 
Payroll_Exe
Invoice_Exe
DASH_Parcel_noticed
Fed_ex-noticed
Exactly even though the 2 I got and usually get are zip files with and .exe inside but the 2 above were corrupt.


 
Daniel
Userlevel 7
Thanks a lot Tony, Daniel and Roy.:)

Reply