IRONSCALES

What is IRONSCALES?

Phishing remains the primary cyber attack vector used by cybercriminals. Each day, thousands of phishing emails are received at Brock University. The volume and the evolving nature of these emails have posed significant challenges to Brock’s existing email security solution and require a great amount of manual IT effort to remediate. Therefore, Brock ITS has implemented the IRONSCALES email security solution.

IRONSCALES is an integrated cloud email security and anti-phishing solution that will help protect the Brock community against advanced attacks like business email compromise and account takeovers. IRONSCALES integrates powered automation and advanced threat intelligence to detect and remediate email attacks in just seconds.

IRONSCALES will greatly enhance Brock’s efficiency and effectiveness against phishing attacks.

How to release emails from quarantine

1. You may receive email notifications that you have email(s) that are currently quarantined and have been removed from your inbox.

2. These emails will contain the subject line “Your Quarantined Emails Report.” (See example of a daily report below.)

3. This report displays any emails that have been quarantined from your inbox in the configured time period.

4. If you believe the email(s) were incorrectly put in quarantine or otherwise need access to them, please click the email’s Ask to release link to request for Brock’s ITS to release the email back to your mailbox.

5. Please note in your email the Incident number (IS-XXXXXX) and/or subject of the email in question.

*** When an email is released from quarantine, the email will be returned to your inbox, at the time the email was originally sent. The released email will not appear as a new email at the top of your inbox. Please search the subject or the sender’s information to help locate the email in question. Please reach out to Brock ITS if you have any additional questions ***

IRONSCALES Banners

One common form of a phishing attack is when cybercriminals pretend to be someone you know and try to trick you into stealing your information for malicious purposes. IRONSCALES recognizes those malicious attempts and thus provides an in-mail banner notification.

Here are some common IRONSCALES banners:

Banner Description: You are receiving an email from a sender for the first time.

Banner Description: The sender’s email address may appear to be accurate, but the email may be originating from an impersonated sender.

Banner Description: The sender’s display name is accurate, but the sender’s email address is not. For example: ITS Help Desk <fakeithepdusk@notreal.com>; the ITS Help Desk sender display name is correct, but the sender email address fakeithepdusk@notreal.com is not. The correct sender email address should be ithelp@brocku.ca.

Banner Description: The sender’s display name seems similar but is inaccurate. For example: Info Help Desk <ithelp@brocku.ca>; the sender display name Info Help Desk seems similar, but the correct sender display name should be ITS Help Desk.

Banner Description: The sender’s domain seems similar but is inaccurate. For example: <ithelp@brockedu.com>; the sender’s domain @brockedu.com is not correct, the correct domain is @brocku.ca.

Banner Description: The sender’s display name is a known impersonated address.

FAQs

The volume and the evolving nature of phishing emails have posed significant challenges to Brock’s existing email security solution and require a great amount of manual IT effort to remediate. Therefore, Brock ITS has introduced the IRONSCALES email security solution.

IRONSCALES is being deployed in a phased approach and at this time, not all employees are enabled in the platform.

IRONSCALES integrates powered automation and advanced threat intelligence to detect and remediate email attacks in seconds. The system scans incoming emails but only retains metadata from emails deemed potentially malicious. These data points are kept to help identify and prevent future attempts from the same cyber threat actors.

IRONSCALES automatically analyzes many different elements of an email and then quarantines the email when it has been classified as phishing. IRONSCALES provides users with the capability to view their quarantined emails in the Quarantined Email Report and the option to release a quarantined email to ensure legitimate emails are not blocked or deleted incorrectly.

All emails that are requested for release are thoroughly investigated by ITS before being returned to a user’s inbox. ITS aims to protect users from receiving malicious emails that can lead to account takeovers, identity theft, ransomware and other malicious activities.

Phishing attacks often see cybercriminals pretending to be someone you know in an attempt to trick you into providing your information for malicious purposes. IRONSCALES recognizes those malicious attempts and provides an in-mail banner notification to alert you to look more carefully at the email and the sender’s information.

IRONSCALES banners and descriptions can be found in the Banner Notifications section above.

Any suspicious email, whether legitimate looking or not, that hasn’t been flagged by IRONSCALES should be reported to itsecurity@brocku.ca.

To learn more about how to protect yourself against a phishing scam, please visit the Phishing page on the Brock ITS web site.