How to Forward a Suspicious Email for Investigation
Email Threat Prevention (ETP) is a tool that prevents most malicious emails from being delivered to your inbox by placing them in quarantine. However, some threats are too new to have been identified as malicious by Trellix or Ostra before they are delivered to your inbox. In other situations, the email itself doesn't raise any flags but contains a link to a site where the user is asked for login credentials, which will then be used to steal sensitive data. This is why it is important to always be vigilant and understand that cyber security tools are only one piece of securing your information.
Every time a potential threat is reported to Ostra, security analysts investigate and follow this protocol if it is indeed malicious:
- Investigate whether it was delivered to any other clients and remove it
- Block the sender or domain for all clients
- Report the threat to Trellix
- Run a full scan on the computer used to access the email if needed
What to Do
If you receive an email that looks suspicious and want Ostra to investigate it, please send it as an .eml attachment. This provides more useful information up front than simply forwarding the email, and it allows the security analyst to investigate right away instead of requesting and waiting for the .eml file. Below, you will find instructions for forwarding the .eml file in Outlook and Gmail.
*** If you clicked on a link or provided any personal information, be sure to include that information in the email to Support so that your case is prioritized accordingly. Also, please provide the device name so a scan can be initiated if endpoint protection is installed. ***
Instructions for Outlook
1. Click on the ellipsis for more options.
2. Click on Other reply actions, then Forward as attachment.
3. Add any relevant information in the body of the email. If your email signature does not include a phone number, please provide one in case the security analyst needs to reach you. Send to support@ostra.net to automatically generate a support ticket.
Instructions for Gmail
1. Check the box next to the email to be investigated, then click on the kebab (vertical ellipsis) for more options.
2. Click on Forward as attachment.
3. Add any relevant information in the body of the email. If your email signature does not include a phone number, please provide one in case the security analyst needs to reach you. Send to support@ostra.net to automatically generate a support ticket.
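Why the .eml attachment helps the analyst, as an added example that is not part of Ostra's instructions or tooling: a message forwarded as an attachment arrives as a `message/rfc822` part that still carries the original headers, while an inline forward carries only the reporter's own. The sample report, its addresses and header values are constructed, and the function names are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Headers an analyst usually wants first; they exist only on the original message.
TRIAGE_HEADERS = ("From", "Reply-To", "Return-Path", "Message-ID",
                  "Authentication-Results", "Received")

def build_sample_report() -> bytes:
    """Constructed sample: a user report with the suspicious mail attached as .eml."""
    original = EmailMessage()
    original["From"] = '"IT Helpdesk" <helpdesk@lookalike.example>'
    original["Reply-To"] = "collector@other.example"
    original["Return-Path"] = "<bounce@bulk.example>"
    original["Message-ID"] = "<constructed-123@bulk.example>"
    original["Authentication-Results"] = "mx.client.example; spf=fail; dkim=none"
    original["Received"] = "from bulk.example (unknown [203.0.113.7]) by mx.client.example"
    original["Subject"] = "Password expires today"
    original.set_content("Sign in at https://login.lookalike.example/ to keep access.")

    report = EmailMessage()
    report["From"] = "user@client.example"
    report["To"] = "support@ostra.net"
    report["Subject"] = "Suspicious email"
    report.set_content("I did not click the link. Device: LAPTOP-EXAMPLE")
    report.add_attachment(original, filename="suspicious.eml")  # message/rfc822 part
    return report.as_bytes()

def extract_original_headers(raw_report: bytes) -> list[dict]:
    """Return the triage headers of every message attached to a report."""
    report = message_from_bytes(raw_report, policy=policy.default)
    found = []
    for part in report.walk():
        if part.get_content_type() != "message/rfc822":
            continue  # body text or other attachments: no original headers here
        original = part.get_payload(0)  # the embedded message object
        found.append({name: original.get_all(name, []) for name in TRIAGE_HEADERS})
    return found

if __name__ == "__main__":
    for headers in extract_original_headers(build_sample_report()):
        for name, values in headers.items():
            for value in values:
                print(f"{name}: {value}")
```

A report that was forwarded inline contains no `message/rfc822` part, so the function returns an empty list and the analyst has to request the .eml file.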