Handling Phishing Scams

doughender
Kilo Explorer

‎01-30-2017 11:09 AM

Hello,  

I am new to this forum and have only been in ServiceNow for about a half year. Where I could use help with is in the "phishing" area. We get buried in phishing e-mails almost on a daily basis. We have an e-mail address where these can be sent that automatically opens an incident in ServiceNow and assigns it to our Security group. These incidents are also created through e-mails that come through our Help Desk e-mail account and are reassigned to the security group manually. We spend a great deal of time sifting through these for bad websites, bad attachments and compromised accounts.     I am curious to know how others are handling phishing?

(Cross listed with the Higher Ed SIG)      

Thanks,     Doug

0 Helpfuls
  • 2,771 Views
9 REPLIES 9

doughender
Kilo Explorer
In response to jarodm

‎02-07-2017 07:09 AM

Thanks JarodM. We've been working to get a demo of the Threat Intelligence product. Our sales team was recently switched (last week) so we hope to see that soon. Currently, we are having the phishing e-mails forwarded to a phishing e-mail account that is directed to ServiceNow where an incident is automatically generated and assigned to our security group for processing. The e-mails are then assigned to one of two problems: one for e-mails w/suspicious websites, one for e-mails w/suspicious attachments. The security group reviews these and handles them accordingly. They also see if the e-mail came from one of our accounts. That is then processed also. If the Threat Intelligence module does not work out for us we would like to automate the process I just outlined and have the websites, attachments, and account process automated and the end-user notified automatically.



Thanks,



Doug


0 Helpfuls

Dave Smith1
ServiceNow Employee
ServiceNow Employee

‎02-07-2017 07:34 AM

Threat Intelligence and IoCs/Observables sounds like what you're after.



You may want to discuss the issue with your postmaster - there are a number of filters that can be placed at the mail gateway to block unwanted emails, such as RBLs, content filtering etc, so they never get as far as the end users.


0 Helpfuls

gregbaker
Tera Contributor

‎06-30-2025 10:54 PM

 

2a.jpg

 

0 Helpfuls