scan POA for non-virus content with SMG

We were just hit with a social engineering/CEO fraud attack that our involved users did not bite on, thankfully. But I have been directed to ask if we could use something like an IMAP interface policy to scan for emails that are not virus-ey but rather of the format [HighRankingPerson]@gmail.com. I don't think so, but can SMG do something like that with the POA?

thanks,

Andrew

  • Verified Answer

    +1  

    Yes, SMG can do an IMAP scan of your GroupWise post office.

    You can create multiple Scan Policies and use one Policy Scan Configuration specifically created for your post office scan.

    That Policy Scan Configuration behaves the same as any other. For example, you can use filters to check for text strings and attach services to deal with them accordingly.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0 in reply to   

    Ok thanks Kevin. The challenge is that these attacks vary and in this particular case it was [HighRankingPerson] as the Display name and the sender/reply to address was completely different which on the plus side degraded the utility of the attack. So it would be inherently reactive...

  • 0   in reply to 
    Display name and the sender/reply to address was completely different

    This is not uncommon when dealing with mass mailings.

    • From: is the person who composed or owns the email.
    • Sender: can be an individual responsible for sending it or service responsible for mass mailings.
    • Reply to: can be another email address different from both the From and Sender address.

    All of which just makes life interesting for sysadmins. :-)

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0  
    We were just hit with a social engineering/ CEO fraud attack

    Are you currently using SMG to scan incoming email?

    While it is impossible to foresee every type of malware, SMG provides enough filter types to block the obvious ones, quarantine questionable email, and insert warnings to recipients that they are reading email originating from an external source and that they should be careful about clicking on links.

    The objective should be to keep unwanted email from entering your system rather than search for it after it has entered!

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0 in reply to   

    100% agree and yes we scan inbound mail. This one got through. Looking at the email, it's the name of an HRP plus a demand for urgency and then a somewhat random gmail address:

    "Hello, I hope you're not too busy at the moment. However, if you are, please prioritize this task. I need you to complete an urgent assignment immediately. No calls just respond to my email instead.
    HighRankingPerson
    Department Head
    Sent from myMail"
    Is everything I have to work with.
    Andrew
  • 0   in reply to 

    I had similar experiences for some customers several times. Especially universities. SMG IMAP scanning was a great help!


    Use "Verified Answers" if your problem/issue has been solved!
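
The pattern described in this thread (a high-ranking person's display name on an unrelated external address, with a different Sender or Reply-To) can be checked from the headers alone. The Python sketch below is an added example, not part of any post here and not SMG configuration; the internal domain, the name-to-address table and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Assumed values for illustration; the thread names neither.
INTERNAL_DOMAINS = {"example.org"}
PROTECTED = {"High Ranking Person": "hrp@example.org"}

def _key(name):
    """Order-insensitive key so 'Person, High Ranking' matches too."""
    return tuple(sorted(re.findall(r"[a-z0-9]+", name.lower())))

_PROTECTED_KEYS = {_key(n): a for n, a in PROTECTED.items()}

def _addresses(msg, header):
    """Parsed addresses of a header, or an empty list if it is absent."""
    hdr = msg[header]
    return list(hdr.addresses) if hdr is not None else []

def check_message(raw):
    """Return reasons the message looks like display-name impersonation."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for sender in _addresses(msg, "From"):
        real = _PROTECTED_KEYS.get(_key(sender.display_name))
        addr = sender.addr_spec.lower()
        # Internal From addresses are left to SPF/DKIM/DMARC checks.
        if real is None or addr == real or sender.domain.lower() in INTERNAL_DOMAINS:
            continue
        findings.append(f"protected name '{sender.display_name}' on external address {addr}")
        # Differing Sender/Reply-To is normal for bulk mail, so it is only
        # reported as supporting evidence once the name check has fired.
        for hdr in ("Sender", "Reply-To"):
            for other in _addresses(msg, hdr):
                if other.addr_spec.lower() != addr:
                    findings.append(f"{hdr} {other.addr_spec.lower()} differs from From")
    return findings

# Constructed sample messages (not taken from the thread).
FRAUD = ('From: "High Ranking Person" <xk39ab@gmail.com>\n'
         'Reply-To: other7@gmail.com\nSubject: Urgent\n\nNo calls, just reply.\n')
SWAPPED = 'From: "Person, High Ranking" <xk39ab@gmail.com>\nSubject: Urgent\n\nHi\n'
LEGIT = 'From: "High Ranking Person" <hrp@example.org>\nSubject: Budget\n\nHi\n'
BULK = ('From: "Vendor News" <news@vendor.example>\n'
        'Sender: bulk@mailer.example\nSubject: Newsletter\n\nHi\n')

if __name__ == "__main__":
    for label, raw in (("fraud", FRAUD), ("swapped", SWAPPED), ("legit", LEGIT), ("bulk", BULK)):
        print(label, check_message(raw))
```

Because the check keys on a maintained list of protected names rather than on the message text, it does not depend on the wording or sending address of any one campaign.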