Phishing

Description

The application users are susceptible to phishing, a social engineering technique in which attackers present themselves as a legitimate entity that the victim trusts and request confidential information (usually credentials). These attacks are often possible due to improperly configured corporate email clients.

Requirements

• 115. Filter malicious emails

• 116. Disable images of unknown origin

• 117. Do not interpret HTML code

• 118. Inspect attachments

• 144. Purge accounts periodically