In addition to high profile users, Cloud Email and Collaboration Protection allows you to specify high-profile external domains, such as your partners’ domains or the domains of famous brands. Attackers are likely to forge these into cousin domains for spam, phishing, and BEC attacks such as vendor fraud.
A cousin domain (or look-alike domain) is a domain that looks deceptively similar to a legitimate target domain that is well-known or familiar to users. Cousin domains are often used in phishing attacks to steal sensitive or confidential information from users. Cousin domains are usually created by replacing one or more characters (for example, replacing the letter "l" with the number "1") or by adding or removing a character in the domain name. Without careful inspection of the email address, users may not notice the trick and may believe that a message was sent from the legitimate domain being imitated.
By leveraging the Trend Micro Antispam Engine, Cloud Email and Collaboration Protection scans the domains in email messages (the From and Reply-To headers) to detect cousin domains of the high-profile domains you have configured and protect users from spam, phishing, and BEC messages.
Note
High Profile Domains apply to Exchange Online and Gmail only.

Procedure

  1. In Cloud Email and Collaboration Protection, go to Policies > Global Settings > User-Defined Lists > High Profile List and click High Profile Domains.
  2. Add one or more legitimate sender domains.
    1. Type a domain name, for example, domain.com.
      Wildcard characters and regular expressions are not supported.
    2. Click Add.
      • You can add up to 100 domains.
      • To delete a domain, select the entry and click Delete.
  3. (Optional) Specify one or more domains that Cloud Email and Collaboration Protection excludes from being recognized as cousin domains during scanning.
    Type a domain name and click Add.
    You can add up to 1,000 domains.
  4. Select a detection threshold.
    • Aggressive: This option provides the highest number of detections based on fuzzy matches. This is the most rigorous level of spam, phishing, and BEC detection.
    • Normal: This is the default and recommended setting. This option provides a moderate number of detections.
    • Conservative: This option provides the most accurate detections based on near-exact matches.
  5. Click Save.
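
To show how a high-profile list, an exclusion list, and a detection threshold interact, the following added example implements a simple cousin-domain check. It is not the Trend Micro Antispam Engine's algorithm: the look-alike character table, the edit-distance limits assigned to each threshold name, the length cap, and the function names are all assumptions made for illustration.

```python
"""Constructed illustration of cousin-domain matching (not the product's algorithm)."""

# Assumed look-alike folds (digit -> letter); real engines use far larger tables.
FOLD = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# Hypothetical mapping of the three threshold names to a maximum edit distance.
MAX_DISTANCE = {"conservative": 1, "normal": 2, "aggressive": 3}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_cousin(sender_domain, high_profile, excluded=(), threshold="normal"):
    """Return the high-profile domain that sender_domain imitates, or None."""
    domain = sender_domain.lower().rstrip(".")
    if domain in {d.lower() for d in excluded}:
        return None  # explicitly excluded from cousin-domain detection
    if domain in {d.lower() for d in high_profile}:
        return None  # exact match: this is the legitimate domain itself
    folded = domain.translate(FOLD)
    for target in high_profile:
        target = target.lower()
        # Fold both sides so a digit in the legitimate name is not penalised.
        dist = edit_distance(folded, target.translate(FOLD))
        # Assumed guard: cap the limit by length so short names match less loosely.
        if dist <= min(MAX_DISTANCE[threshold], len(target) // 3):
            return target
    return None


if __name__ == "__main__":
    protected = ["example.com"]  # constructed sample list
    for sender in ("examp1e.com", "exarnple.com", "my-example.com", "example.com"):
        for level in ("conservative", "normal", "aggressive"):
            print(sender, level, find_cousin(sender, protected, threshold=level))
```

Running the script shows the trade-off the thresholds describe: the character-swap look-alike is caught at every level, while looser variants are flagged only as the threshold becomes more aggressive.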