Lab 4b: Preventing Cloud Phishing
Estimated Time: 15 minutes
Purpose: Configure a DLP rule in Netskope to prevent phishing attempts by blocking submissions of corporate email addresses and passwords on platforms like Google Forms.
Review existing DLP Rule for Phishing
Step 1 Navigate to Policy > DLP > Edit Rules > Data Loss Prevention Rules.
        Build a rule to trigger on corporate email addresses (@company.demo) + passwords. Click New Rule.
Step 2 Add predefined password identifiers and a custom regex for corporate emails.
- Select "Passwords (Common)" and "Passwords (Secure)".
- Set the regex to detect emails:
  [a-zA-Z0-9._%+-]+@company.demo
- Ensure the configuration combines email addresses and password identifiers.
 
Save the rule and apply it to a new DLP profile for blocking phishing attempts.
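Added example, not part of the original lab and not Netskope's matching engine: a Python check of the "email AND password" logic from Step 2 against constructed submissions, comparing the lab's regex with a tighter variant. The tighter pattern, the password word list and the looks_secure heuristic are assumptions standing in for the predefined identifiers.

```python
import re

# Pattern exactly as given in the lab step; the "." before "demo" is unescaped.
LAB_EMAIL = re.compile(r"[a-zA-Z0-9._%+-]+@company.demo")
# Assumed tighter variant: literal dot, and the domain must end at "demo".
STRICT_EMAIL = re.compile(
    r"[a-zA-Z0-9._%+-]+@company\.demo(?![A-Za-z0-9-]|\.[A-Za-z0-9])")

# Hypothetical stand-ins for the predefined password identifiers.
COMMON_PASSWORDS = {"passw0rd1", "123456", "qwerty", "letmein"}
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def looks_secure(token):
    """Assumed heuristic: 12+ characters using all four character classes."""
    return len(token) >= 12 and all(re.search(c, token) for c in CHAR_CLASSES)

def has_password(text, email_re):
    # Blank out the address first so it is never counted as the password.
    tokens = email_re.sub(" ", text).split()
    return any(t.lower() in COMMON_PASSWORDS or looks_secure(t) for t in tokens)

def rule_fires(text, email_re=STRICT_EMAIL):
    """True only when a corporate email AND a password-like token are present."""
    return bool(email_re.search(text)) and has_password(text, email_re)

# Constructed form submissions, not captured traffic.
SAMPLES = {
    "common_pw": "Email: test@company.demo Password: passw0rd1",
    "secure_pw": "Email: test@company.demo Password: Tr9!vLq#2mZx@7",
    "email_only": "Contact test@company.demo for the agenda.",
    "any_char_dot": "Email: test@companyXdemo Password: passw0rd1",
    "longer_domain": "Email: test@company.demo.example Password: passw0rd1",
}

def compare():
    """Map each sample name to (fires with lab pattern, fires with strict pattern)."""
    return {name: (rule_fires(text, LAB_EMAIL), rule_fires(text, STRICT_EMAIL))
            for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:14} lab={result[0]!s:5} strict={result[1]}")
```

The last two samples show where the lab pattern fires on addresses that are not @company.demo, which would surface as false-positive incidents.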
Testing the Configuration
Step 1 Test the policy using the following sample form:
Step 2 Use test data such as:
- Email: test@company.demo
- Password: a common password like passw0rd1 or a secure password.
You can generate secure passwords using tools like passwordsgenerator.net or LastPass.
Step 3 Verify that the policy blocks the submission. Check SkopeIT under Incidents > DLP to confirm alerts and forensic data.
Please inform your instructor once you’ve completed this lab.