Email phishing hints

by | Sep 16, 2019 | Business, Cybersecurity

Digital communication is becoming a bigger and bigger part of the working day. Most instructions, from everyday communication to, in some cases, actual financial transactions, are handled with a one-line email message. Take a quick look at the two emails below. Both could be entirely legitimate requests, but one is fake.

From: President Bob
To: Accounting
Subject: Please process transfer

Please send $10,000 to ### via wire transfer for the Banana Account, we successfully landed the contract!

Bob.
Super Company

From: President Bob <bob@supercompany.com>
To: Accounting
Subject: Please process transfer

Please send $10,000 to ### via wire transfer for the Banana Account, we successfully landed the contract!

Bob.
Super Company

Can you tell which one is really from Bob? Everything looks completely fine; even the email address in the second example is Bob’s real email address. But that message is forged, it made it past the spam filter, and once you send that money off it is gone.

So, how can you tell whether those emails are coming from an internal source when the From and To fields can be faked and no single security system will stop them all? Well, you could open each email and dig into the headers to see where the message actually came from, to make sure that when you hit reply you aren’t sending a wire transfer to bigtimethief95@aol.com.cz… Sure, that would work, but it will take a lot of time.

The Better Solution

Layer your company’s email security with a ‘human’ intelligence factor that supports your spam filter, so that when you do receive one of those emails that slip through the cracks, you are alerted to be suspicious. You can do this with a simple server rule that prepends a warning to every incoming email from outside the organization:

Message Is From An External Sender – Please verify sender, attachments, and links are safe before opening.

This makes you stop and question the email because Bob isn’t external, he’s emailing you from his work address. With the server rule applied, the message from ‘fake Bob’ would look like:

From: President Bob <bob@supercompany.com>
To: Accounting
Subject: Please process transfer

Message Is From An External Sender – Please verify sender, attachments, and links are safe before opening.

Please send $10,000 to ### via wire transfer for the Banana Account, we successfully landed the contract!

Bob.
Super Company

Thanks to this simple banner, your bank account just kept its $10k: Jill, while processing all of those payments, stopped, called Bob and asked about the so-called Banana Account, was quickly advised that there is no Banana Account, deleted the email and carried on with her day.

If you’d like to know how to set this up on your Exchange or Microsoft 365 server, contact us! If you’re not a Smart Dolphins client, here are the instructions on how to do it yourself:

https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headers
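For readers who prefer the command line, here is the same rule created with Exchange Online PowerShell. This is an added example, not code from Smart Dolphins or from the linked Microsoft page; it assumes the ExchangeOnlineManagement module is installed and that the account used holds a role allowed to manage mail flow rules. The rule name and the banner styling are our own choices; the banner wording is the one used above.

```powershell
# Added example: create an "external sender" banner rule with New-TransportRule.
# Assumes Exchange Online; on-premises Exchange uses the same cmdlet from the
# Exchange Management Shell, in which case skip Connect-ExchangeOnline.
Connect-ExchangeOnline

# The banner wording from the post, wrapped in a highlighted HTML box so it
# stands out at the top of the message body.
$banner = @"
<div style="background-color:#FFEB9C;border:1px solid #9C6500;padding:6px;font-family:sans-serif;font-size:12px;">
<b>Message Is From An External Sender</b> &ndash; Please verify sender, attachments, and links are safe before opening.
</div>
"@

$rule = @{
    Name                              = 'External sender banner'   # our name for the rule
    # Exchange judges "outside the organization" from how the message arrived
    # (accepted domain plus authenticated connection), not from the text of the
    # From: header, which is why a forged internal address still gets tagged.
    FromScope                         = 'NotInOrganization'
    # Only tag mail delivered to our own mailboxes, never outbound mail.
    SentToScope                       = 'InOrganization'
    # Put the banner above the body so it is the first thing the reader sees.
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerText           = $banner
    # If the body cannot be modified (for example a signed or encrypted message),
    # deliver the original as an attachment of a new message that carries the banner.
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
}
New-TransportRule @rule

# Check that the rule exists, is enabled and carries the expected conditions.
Get-TransportRule -Identity 'External sender banner' |
    Format-List Name, State, FromScope, SentToScope, ApplyHtmlDisclaimerLocation
```

After creating the rule, send yourself a message from a personal mailbox outside the company and confirm the banner appears before relying on it; rules can take a short while to propagate.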