PhishML read attachments
We've gotten a few phishing messages recently that PhishML has labeled as 100% clean and it looks like a limitation in PhishML. The messages are typical fake invoices but instead of the contents being in the body of the email, the body is empty and the contents are in an attached PDF. I can't find anywhere in the documentation that PhishML does anything with attachments. Since the attachment itself is benign, simply containing instructions and not malware, VirusTotal also says it's clean.
If PhishML was able to read contents of attachments and score those as well, I think it would be helpful. I know that it probably wouldn't be able to read through text stored as images, or complex spreadsheets, so there would probably be caveats if such a feature was implemented. However, something is usually better than nothing, so I thought I would bring it up.
-
Hello Dmitry,
Thank you so much for bringing this up regarding PhishML and attachments! I've shared your feature request with our Development Team. While I can't give an ETA or guarantee, all changes are posted here for PhishER: https://support.knowbe4.com/hc/en-us/articles/360014088973
Kindest regards,Kelsey Leonard
KnowBe4
Kirjaudu sisään jättääksesi kommentin.
Kommentit
1 kommentti