Here’s a trick we used to help one of our customers filter out attacks from the noise of real emails.
Like many of you, our customers get way too many email attacks every day. These attackers are after our users’ email passwords. We found one new way to help even relatively untrained users to distinguish real coworker emails from attacks that were spoofing coworker emails.
Microsoft Office 365 lets you add special messages to emails that only internal users see. We programmed a disclaimer to popup for EVERY external email labeling it as a an [EXTERNAL SENDER] in bright red text. With this disclaimer in bright colors at the top of every email, a user is immediately on alert if a message purports to come from a member of the team, HR or someone in accounting.
Since this type of attack – pretending to be an internal account – is one of the most common vectors for phishing attacks, we have gotten feedback that this is a simple yet effective deterrent to users believing those emails and clicking on infected links.
Want me to show you how I did it? Just give me a call or email me and I’ll send you the “How To” on this simple fix.