External Emails warning

In short, you should have warnings on external emails. Yes in Outlook you can look at the address, but on other platforms (Apple for one) it just shows the ‘from’ name. Also if you spoof an internal email Outlook will ‘helpfully’ look up the photo of the person and add that for you making it look like the person actually sent the email!

As mentioned in the last post, I based all of this from this post on external email warnings. But I did create a second one for spoofed emails which matches:

If the message:
Sender's address domain portion belongs to any of these domains: 'company.com' or 'company.org'
and Is received from 'Outside the organization'

Take the following actions:

Prepend the message with the disclaimer 'WARNING: Please contact IT - this email appears to be a Phishing attempt'. If the disclaimer can't be applied, attach the message to a new disclaimer message.

Except if the message:
Is received from 'Partner company that sends emails as us'

Basically any emails from external that claims to be from an internal domain flag them. I highly recommend that you test this first, as there will be domains you will have to exclude from this. Like payroll companies and similar that email as your company. But it should help with phishing emails.

Security should be like olden castles. Not just one door to get in, but moats, multiple walls, towers etc. Multiple defenses to stop the bad guys. Assume they will get in, but then they have to avoid all your traps to remain undetected. This is just one of many things you can do to protect yourself.

Until next time, stay safe out there.