I received a PDF containing a link to a fraudulent site that looked like a login for Office365. I tried to submit it to Symantec via the normal submissions process, but they rejected it because it did not contain a malicious payload, only a link to a dangerous site! So the technician was unable to help me in any way other than point me to this idea site.
I don't know if this capability already exists or how it is updated, so apologies if this exists and I just don't know how to use it:
1) need a mechanism (IPS definition, browser integration, etc.) to block or alert users browsing to a website with bad reputation, low domain delta (e.g. goog1e.com), newly created, reported to be fraudulent, etc. to keep users from going to bad sites or make them wary of entering credentials.
2) This mechanism should also scan for links within legitimate file types - email (preferably blocked at edge, but at least at endpoint), word, PDF, etc. - anything that can allow a link out to the site.
3) There needs to be a mechanism to update reported fraudulent sites/links.
Thanks,
-Mike
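
A sketch of the "low domain delta" check from item 1, applied to links pulled out of document text as in item 2. This is an added example, not part of the original post and not Symantec functionality; the watchlist, the distance threshold and the sample text are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed watchlist of domains the organization wants protected (constructed).
PROTECTED = ["google.com", "office.com", "microsoft.com"]

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain, max_delta=2):
    """Return the protected domain this one imitates, or None (exact matches pass)."""
    for good in PROTECTED:
        d = edit_distance(domain, good)
        if 0 < d <= max_delta:
            return good
    return None

def flag_links(text):
    """Find URLs in already-extracted e-mail/PDF/Word text and flag lookalike domains."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        domain = registrable(host)
        target = lookalike_of(domain)
        if target:
            findings.append((url, domain, target))
    return findings

# Constructed sample: text as it might be extracted from an e-mail or PDF.
SAMPLE = """Your mailbox is full. Sign in at https://login.goog1e.com/auth to fix it.
Help: https://www.google.com/support and https://example.org/about"""

if __name__ == "__main__":
    for url, domain, target in flag_links(SAMPLE):
        print(f"ALERT {url}: {domain} is within edit distance 2 of {target}")
```

Edit distance alone misses lookalikes hosted on unrelated domains, so it complements rather than replaces the reputation, domain-age and user-report signals listed in items 1 and 3.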