
In recent years, organizations and individuals have been constantly bombarded by attacks from cyber-criminals who use social engineering techniques to convince recipients to do something that will cause them damage. This can take the form of financial transactions made directly from the attacked person to the criminal, such as a money order or bank withdrawal.
One of the delivery methods used by the criminals is email, mostly because of its ease of use and availability to attackers and victims alike. Email is used to send legitimate-looking messages to unsuspecting recipients. These messages are designed to entice the user to open a file that contains malware, click on a link that leads to a website that is infected with malware or that asks the user to log in with their credentials, or hand over personal information under false pretenses.
There are several different degrees of phishing. Regular attacks are not overly sophisticated, but there is a more advanced attack called spear phishing, in which the attacker uses cleverly crafted and targeted emails designed to trick the victim into performing an action, such as clicking on a link or opening a file. On top of that, there are business email compromise (BEC) attacks, an even more focused type of attack in which the attacker performs extensive reconnaissance on personnel within an organization and personally targets specific individuals, putting accurate information in the email message to increase the likelihood that the victim takes the bait.
For example, let’s take a look at an email that was sent to a company’s CFO. At first glance, this message seems to be sent from the CEO. Obviously, I masked the names and e-mail aliases, but trust me, this looks authentic:
Example of business email compromise phishing attack. (Image Credit: Daniel Petri)
“Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. and unreported losses.”
So how do you help employees identify when an email may be coming from an attacker versus one that’s sent from a trusted internal peer? Aside from employee training, an administrator can help by creating rules in Outlook that color code email messages to show whether a message was sent by someone belonging to the organization. Although color coding is a nice thing to have, do not rely solely on this practice, as false positives may exist.
The instructions listed in this article apply to Outlook 2013 and may also apply to future versions of Outlook.
First, let’s open Outlook.
Click on the “View” tab.
Click on “View Settings.”
The view tab in Outlook 2013. (Image Credit: Daniel Petri)
Advanced View Settings in Outlook 2013. (Image Credit: Daniel Petri)
Result of conditional formatting in Outlook 2013. (Image Credit: Daniel Petri)
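The same internal-versus-external decision that the color coding rule makes can also be expressed in code, for example to tag messages before they reach the mailbox. The following Python sketch is an added example, not part of the original article or of Outlook; the domain `example.com`, the protected display name and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the organization's mail domains and the
# display names of people an attacker is likely to impersonate.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe"}

# Constructed sample messages (not real mail).
SAMPLES = {
    "peer": "From: Sam Lee <sam.lee@example.com>\nSubject: Q3 numbers\n\nHi",
    "vendor": "From: Billing <billing@vendor.example.net>\nSubject: Invoice\n\nHi",
    "bec": "From: Jane Doe <jane.doe@examp1e-mail.test>\nSubject: Urgent wire\n\nHi",
    "suffix": "From: Jane Doe <jane@example.com.mail.test>\nSubject: Wire\n\nHi",
    "empty": "Subject: no sender\n\nHi",
}


def classify_sender(raw_message, internal_domains=INTERNAL_DOMAINS,
                    protected_names=PROTECTED_NAMES):
    """Return 'internal', 'external' or 'external-name-match'.

    The From header is unauthenticated, so 'internal' only means the address
    claims an internal domain; treat it as a display hint, not proof of origin.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    # Compare the whole domain exactly; a substring test would accept
    # 'example.com.mail.test' as internal.
    domain = address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""
    if domain in internal_domains:
        return "internal"
    # Normalise case and whitespace before comparing display names.
    name = " ".join(display_name.lower().split())
    if name in protected_names:
        # External address carrying an executive's name: the BEC pattern
        # from the CFO example above.
        return "external-name-match"
    return "external"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:7} -> {classify_sender(raw)}")
```

A personal address legitimately used by a protected person would also be tagged `external-name-match`, which is the kind of false positive the article warns about.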