Service Update
This article has been updated to reflect additional features enabled for QR Code Scanning; see the section heading: Feature Update - February 2, 2024, below.
| Availability | January 29th, 2024 |
| Product(s) | Email Security Cloud Gateway (CG) |
| Who's affected | Administrators and End Users |
Overview
Mimecast is pleased to announce the first phased release of enhancements introduced to our existing QR Code protections in Email Security Cloud Gateway.
What's changing
- These new product enhancements directly address the latest security trends. Mimecast will identify QR Codes in the body of an email and extract the URL for deep scanning.
- Enhanced 'quishing' protection will help employee inboxes stay clean, enabling customer organizations to Work Protected.
- Deep scanning of QR Code URLs is now live within Mimecast Email Security, and more enhancements to combat 'quishing' will follow.
Initial Deployment Schedule
As the table below indicates, this initial update will be a phased deployment across regions, with more features added once all regions are updated.
| Region / Grid | Date |
| Canada (CA - Grid) | January 29, 2024 |
| Jersey (JE - Grid) | January 29, 2024 |
| South Africa (ZA - Grid) | January 29, 2024 |
| Australia (AU - Grid) | January 30, 2024 |
| Germany (DE - Grid) | January 30, 2024 |
| United Kingdom (UK - Grid) | January 30, 2024 |
| United States of America (US - Grid) | February 1, 2024 |
| United States of America (USB - Grid) | February 1, 2024 |
Feature Update - February 2, 2024
Unlike the initial phased deployment for scanning QR Codes within the email message body, this update will be available to all regions simultaneously.
Attachment Scanning
Mimecast's QR code scanning can now protect customers against malicious QR codes within email attachments. Providing an active URL policy is configured, this feature is available for Inbound, Outbound, and Internal.
If you experience a false positive, please add the identified URL to your Managed URLs list and allow up to 30 minutes for the update to take effect.
Alternatively, a URL bypass policy scoped from the sender will also allow the false positive message containing the identified QR code to be sent outbound. However, this will also bypass all URL scanning for that sender.
Sender-based bypass policies will also bypass all URL scanning of messages configured in that definition for that specified sender(s).
Anti-Spam Layer
Providing you have spam scanning configured and enabled, Mimecast will now combine the QR code scanning results from the email message body and thousands of other signals we extract from an email. If the combinations of these signals resemble a QR code-based phishing campaign, we'll increase the email's spam score.
Based on this spam score, the email will be put on User or Admin Hold or Rejected based on the spam scanning policy set by the customer. Mimecast will not remove the QR Code.
The higher our confidence is in detecting a particular QR code phishing campaign, the higher the spam score will be.
Recommended actions
- This functionality will be applied automatically if you have an active URL Protection Policy. No further action will be required.
- Please review URL Protection Overview to learn more if your account needs an active URL Protection policy.
-
Messages rejected due to QR code scanning will now have this rejection code in your Rejected and Deferred Messages.
You do not require a URL Protection Policy to be enabled, for QR Code protection in the Anti-Spam Layer.
Comments
Please sign in to leave a comment.