Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
danw-mhtn Honored Contributor.
Honored Contributor.
70 views

CEO fraud emails

We are getting more and more email claiming to be from the CEO or President.  On the local GW client we can easily see that the email address and the display name do not match while on mobile devices it is not apparent.

Has anyone written a rule that checks the display name against the email address?  Or is there a better way of handling this?

Tags (2)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: CEO fraud emails

Now that would be cool, but I'm not sure if there is a way to do it.  I need to look into that.  In the meantime, a helpful rule I have in SMG is a Header Filter rule that looks in the message header for the following: 

FROM:*@my_domain.com

 

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
Knowledge Partner
Knowledge Partner

Re: CEO fraud emails

Looked into this a bit.  SMG does not have a filter that can validate "FROM" names against emails in your system.  For that you should create an enhancement request at https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas

However, if your CEO or President has a name that is not too common, you could just create a Message Text filter that looks for that name.  Check the option for message header and add the search criteria of "FROM: *first_name last_name*" without the quotes.  You might need to put a few variations in there just in case.  Obviously you run the risk of blocking legitimate email the more common their name is, but it might be worth a shot.  If you do have someone with the same name that gets blocked by this rule, you could add an exception for their email address.

We have run into this complaint also.  Smart phone makers in my opinion hide too much info for the sake of looks/design/screen real estate.  Until they wake up to the security issues they are causing and change things, the best thing to do is educate users.  I highly recommend regular phishing training and testing.  We use KnowBe4, but there are others out there also.  I have seen a definite increase in awareness since we implemented a training/testing policy.  Well worth it.

Hope that helps!

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.