IRONCLAD JOURNAL

Proofpoint Essentials Best Practices to Protect Your Business From Phishing

Security expert Magnus Thorne shares the steps for adding a layer of defense to your email inbox.

As businesses increasingly rely on digital communication channels, email security has become a top priority for organizations of all sizes. That’s why many businesses turn to Proofpoint Essentials, a cloud-based email security solution that provides protection against email threats such as phishing, spam, and malware. While Proofpoint Essentials is a powerful tool that filters spam and dangerous emails, it doesn’t catch everything, so getting the most out of it requires following best practices. I’ll share my recommendations for those implementing Proofpoint Essentials and explore some of the best practices that add another layer of defense.

Block HTML attachments.

You will need to add exceptions for the banks that send HTML attachments, but once you have configured these, 95% of the emails the filter catches will be phishing attempts.

Configure the filter to trigger on the following: 

*.html,*.html.,*.htm,*.htm.,*.HTM,*.HTM.,*.hTm,*.hTm.,*.shtml,*.shtml.,
*.SHTML,*SHTML.,*.shtm,*shtm.,*.xhtml,*.xhtml.,*.shtm,*.shtm.

You’ll notice the extra period at the end of some patterns. You’ll receive phishing emails whose attachment names end in .html. (with the trailing period).

I quarantine the emails and hide them from non-admin users, because I don’t want my users to see the phishing emails. You’ll need to stay on top of the quarantined emails to make sure there are no false positives.

Block ipfs.io

ipfs.io is actively used in phishing emails.  

Configure the filter to trigger on the following:

ipfs-dweb-link.translate.goog,dweb.link,ipfs.com,ipfs.io,cf-ipfs.com

This filter looks inside the email for references to those domains. Again, I recommend hiding these emails from non-admin users.
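To check saved messages against both lists before relying on the filters (the HTML attachment patterns and the IPFS domains above), here is an offline triage sketch. It is an added example, not from the original article and not Proofpoint’s matching engine; the names triage, EXT_RE and HOST_RE and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Extensions and gateway hosts copied from the two filter lists on this page.
HTML_EXTS = ("html", "htm", "shtml", "shtm", "xhtml")
IPFS_HOSTS = ("ipfs-dweb-link.translate.goog", "dweb.link", "ipfs.com",
              "ipfs.io", "cf-ipfs.com")

# Case-insensitive with an optional trailing period: .HTM, .hTm and ".html." all hit.
EXT_RE = re.compile(r"\.(?:%s)\.?\s*$" % "|".join(HTML_EXTS), re.IGNORECASE)
# Match the host or any subdomain of it, but not look-alikes such as "notipfs.io".
HOST_RE = re.compile(r"(?<![a-z0-9-])(?:%s)(?![a-z0-9-])"
                     % "|".join(map(re.escape, IPFS_HOSTS)), re.IGNORECASE)

def triage(raw):
    """Return flagged attachment names and IPFS gateway hosts in one raw message."""
    msg = message_from_string(raw, policy=default)
    names, hosts = [], set()
    for part in msg.walk():
        name = part.get_filename()
        if name and EXT_RE.search(name):
            names.append(name)
        if part.get_content_maintype() == "text":
            hosts.update(h.lower() for h in HOST_RE.findall(part.get_content()))
    return {"attachments": names, "ipfs_hosts": sorted(hosts)}

# Constructed sample message (not real mail): an IPFS link in the body and an
# attachment using the upper-case, trailing-period naming described above.
SAMPLE = """\
From: billing@example.test
To: user@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

View your invoice: https://bafyexample.ipfs.dweb.link/doc

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Invoice.HTM."

<html><body>constructed sample</body></html>
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running it over known-good mail, such as bank statements, shows which senders will need exceptions before the filters go live.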

Block fake users.

Hackers will send emails using your employees’ names. I recommend adding all executives plus your finance team to this filter as a minimum. Depending on the size of your company and your automation, you could add all employees, but you’d need to ask every employee for their personal email address.

Configure the filter to trigger on the following:

From: John Smith,From: "John Smith"

This is a “best effort” filter. Proofpoint looks for an exact match, so if we receive an email with John.Smith or “ John Smith” (with the extra space), then it won’t match. You need to add each user’s own email addresses to the exception so that their legitimate mail is not caught. Your corporate mail may route to the MX record instead of staying internal, so you’ll need to exempt the corporate address too.

Staying Safe

Email security is critical for any business, and Proofpoint Essentials is a powerful solution that can help protect against email-based threats. By following these recommendations, you can ensure that you are getting the most out of Proofpoint Essentials and maximizing the security of your organization’s email communications.
