1.4 Set 'Allow hyperlinks in suspected phishing e- mail messages' to 'Disabled'

Information

This policy setting controls whether hyperlinks in suspected phishing e-mail messages in
Outlook are allowed.
If you enable this policy setting, Outlook will allow hyperlinks in suspected phishing
messages that are not also classified as junk e-mail.
If you disable or do not configure this policy setting, Outlook will not allow hyperlinks in
suspected phishing messages, even if they are not classified as junk e-mail. The
recommended state for this setting is- Disabled.

*Rationale*

Outlook 2010's Junk E-mail Filter evaluates each incoming message for possible spam or
phishing content. Suspicious message detection is always turned on.By default, Outlook handles suspicious messages in two ways-. If the Junk E-mail Filter does not consider a message to be spam but does consider it
to be phishing, the message is left in the Inbox but any links in the message are
disabled and users cannot use the Reply and Reply All functionality. In addition, any
attachments in the suspicious message are blocked.

If the Junk E-mail Filter considers the message to be both spam and phishing, the
message is automatically sent to the Junk E-mail folder. Any message sent to the
Junk E-mail folder is converted to plain text format and all links are disabled. In
addition, the Reply and Reply All functionality is disabled and any attachments in
the message are blocked.The InfoBar alerts users to this change in functionality. If users are certain that a message is
legitimate, they can click the InfoBar and enable the links in the message.Users can change the way Outlook handles phishing messages in the Junk E-mail Options
dialog box by clearing the Disable links and other functionality in phishing messages
(Recommended) check box. If this check box is cleared, Outlook will not disable links in
suspected phishing messages unless they are classified as junk e-mail, which could allow
users to disclose confidential information to malicious Web sites.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Disabled.

User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust
Center\Allow hyperlinks in suspected phishing e-mail messages

Impact-Disabling this setting enforces the default configuration in Outlook 2010, and is therefore
unlikely to cause significant usability issues for most users.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3a.

Plugin: Windows

Control ID: 7eeeea8fd169fedbbf4853daca4e06104b91f76a0e0db4801e9b868b15c078bb