We recently experienced a phishing attack where a finance team member received an email requesting a large wire transfer. This email mimicked a legitimate conversation involving our CFO, but it was actually a fake chain. The attacker cleverly used a look-alike email in the CC field, such as cfo'[email protected] (with an apostrophe), making it appear genuine. Luckily, our accountant caught this subtle indication and reported it before any action could be taken. I'm curious if anyone has figured out reliable methods to catch or block these kinds of phishing attempts, especially since I've heard that Microsoft filters may not scan the CC field effectively.
5 Answers
Have you set up any impersonation filtering? That might help with these types of phishing attempts. Just keep in mind that Microsoft filters often miss checking the CC field, which leaves a gap for attackers to exploit.
I totally feel you on this. We’re facing the same kind of issues, and honestly haven’t found a solid solution yet. It seems like these tactics are becoming more common.
Just to clarify, are they actually spoofing your domain? We only allow emails from our own domain (@companyname.com) and flag any external emails clearly. But it sounds like that's not what's happening here. It appears that the attacker crafted a long email thread to make it seem legitimate, with seemingly innocuous involvement from a fake CFO.
We haven't found a technological solution yet either. After a recent close call, we did implement a policy requiring finance and HR to verify new account details through a separate communication method. While this doesn't prevent initial phishing, it definitely reduces risk.
Using services like Avanan could help, as they claim to have better measures against impersonation attempts. Many email security systems mainly focus on the 'From' and 'To' fields, but it’s crucial to check the CC field too. If possible, can you confirm whether Avanan addresses this?
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures