Recent updates
-
Banners: Business Email Compromise
Updated onArticleThroughout the past few years, there has been an increase in business email compromise attacks, which typically spoof CEOs' and CFOs' email addresses to initiate wire transfers, request small-dollar gift cards for charity events, or reward staff for their work. In these cases, the email is typically coming from an executive at the organization and is directed to either an executive assistant or to junior employees in his or her department. For example:
- David Smith <[email protected]>
- [email protected] <[email protected]>
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Known Address in Display Name
Updated onArticleDisplay name deception is the most common form of email spoofing and is often successful because many email clients (especially on mobile devices) show only the display name. With this kind of attack, criminals can insert the identity of a trusted address masking the real email address in use. Since common consumer mailbox services, such as Gmail and Yahoo, allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service. For example:
- David Smith <[email protected]>
- [email protected] <[email protected]>
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Company's Name Appears in Display Name
Updated onArticleSimilar to display name deception in this kind of attack, criminals can insert the identity of a company name or a trusted brand (such as the name of the bank used by the targeted individual) into the display name. Since common consumer mailbox services, such as Gmail and Yahoo, allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service. For example:
- Bank of America <[email protected]>
- Bank of America <[email protected]>
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Domain Look-Alike
Updated onArticleIn cases where a domain is protected by email authentication and domain spoofing is not possible, attackers try to deceive the recipient by registering and using domains that are similar to the impersonated domain. These types of attacks, known as lookalike domain attacks, often use homoglyphs or characters that appear similar to the original characters in the impersonated domain. For example:
- [email protected] vs [email protected]00GLE.COM (replacing letter O with number 0)
- [email protected] vs [email protected]Ie.com (replacing lowercase L with uppercase I)
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Exact Display Name Impersonation
Updated onArticleDisplay name deception is the most common form of email spoofing and is often successful because many email clients (especially on mobile devices) show only the display name. With this kind of attack, criminals can insert the identity of a trusted individual (such as the name of an executive at the targeted company) or a trusted brand (such as the name of the bank used by the targeted individual) into the display name. Since common consumer mailbox services, such as Gmail and Yahoo, allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service. For example:
- David Smith <[email protected]google.com>
- David Smith <[email protected]yahoo.com>
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Similar Display Name Impersonation
Updated onArticleDisplay name deception is the most common form of email spoofing and is often successful because many email clients (especially on mobile devices) show only the display name. With this kind of attack, criminals can insert the identity of a trusted individual (such as the name of an executive at the targeted company) or a trusted brand (such as the name of the bank used by the targeted individual) into the display name. Since common consumer mailbox services, such as Gmail and Yahoo, allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service. For example:
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Sender Address Spoofing
Updated onArticleSender Address Spoofing occurs when an attacker purports to be a known, familiar or plausible contact by either altering the email address to match a trusted contact or mimicking the email address of a known contact. For example:
- [email protected]
- [email protected] (letter S replaced with the number 5)
- [email protected] (the period replaced with a dash)
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: First Time Sender
Updated onArticleThis banner may appear the first time you have received an email from a new sender. This is a low priority notice just to make you aware that you have never received an email from this person (in case an attacker is trying to make you think they are someone else).
Additional Information Visible-IR (Incident Response) Email Security
-
Banners: Email Reported by Another User
Updated onArticleThis email was received by multiple users at your organization and was reported as malicious by one or more of your co-workers. This email should be handled with great care as we do not yet know if this email is dangerous! Links and attachments appear in this email may not be safe and might compromise your computer. The Security team is aware and is investigating this incident.
If this email is found to be safe the banner will be removed from the email.
Additional Information Visible-IR (Incident Response) Email Security
-
Reporting Emails In Outlook Mobile
Updated onArticleFollow the steps below to report a suspicious email using the [Report Phish] button in Outlook Mobile.
Additional Information Visible-IR (Incident Response) Email Security