Phishing is becoming a significant threat to many businesses today. A very common form of attack impersonates the target company’s leadership. This is accomplished in several ways, most often by spoofing the sender name shown on the email.
For more information on that, check out our blog How to Recognize Phishing Attempts.
In practice, then, phishing attempts commonly imitate a coworker. You can combat this by setting your email or spam filtering service to mark external emails. In doing this, you are providing an additional clue to your staff that the email they’re reading may not be from the person it appears to be from.
We’ve taken it a step further with a client. We loaded in specific rules regarding the names of staff into the Exchange Online admin center to mark specific email addresses that were designed to appear like employee emails.
That said, nothing takes the place of plain old end user education. Keep all your staff up to date on how to recognize these types of attacks.
Here’s how we did it …
Go to your Exchange admin center console and go to “mail flow”.
There you will find “rules”. Create a new rule.
We named ours “External User Caution” but you can call it whatever you want. From there you determine your if/then criteria.
Type in the usernames that might be spoofed. For myself I did: Kevin Oppihle, Kevin.Oppihle, KevinOppihle.
Then you just set the priorities or timeframes and hit save!
This is a simple way for smaller organizations to do it. If you have a larger number of employees but want to apply these specific rules, we might be able to help you with a PowerShell script to do it.
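The same “External User Caution” rule, built for a whole list of staff with Exchange Online PowerShell, as an added example that is not the post’s own script. It assumes the ExchangeOnlineManagement module is installed, that you hold an Exchange admin role, and uses constructed sample names in place of your real staff list.

```powershell
# Added example (not from the post): create the "External User Caution" mail flow
# rule for many staff names at once. Assumes ExchangeOnlineManagement is installed
# and you are an Exchange admin. Names below are constructed samples; replace them
# with your own staff, e.g. (Get-Mailbox -ResultSize Unlimited).DisplayName.
Connect-ExchangeOnline

$staffNames = @('Kevin Oppihle', 'Jane Example')   # constructed sample names

# Build the three spoof shapes the post lists for each name:
# "Kevin Oppihle", "Kevin.Oppihle", "KevinOppihle". The patterns are regular
# expressions, so escape each literal form before handing it to the rule.
$patterns = foreach ($name in $staffNames) {
    $parts = $name -split '\s+'
    [regex]::Escape($name)
    [regex]::Escape($parts -join '.')
    [regex]::Escape($parts -join '')
}

$ruleParams = @{
    Name                              = 'External User Caution'
    Comments                          = 'Flags external mail whose From header mimics a staff member.'
    # Only fire on mail from outside the tenant, so genuine internal mail is untouched.
    FromScope                         = 'NotInOrganization'
    # Test the From header (display name and address) against the spoof shapes.
    # Short names can match unrelated senders, so review audit results first.
    HeaderMatchesMessageHeader        = 'From'
    HeaderMatchesPatterns             = $patterns
    # Two visible clues for staff: a subject tag and a banner at the top of the body.
    PrependSubject                    = '[CAUTION: external sender using a staff name] '
    ApplyHtmlDisclaimerText           = '<p style="color:#a00"><b>Caution:</b> this message came from outside the organization but uses the name of a coworker. Verify before acting on it.</p>'
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    Priority                          = 0
    # Start in Audit mode; switch to Enforce once rule reports show no false positives.
    Mode                              = 'Audit'
}
# Exchange caps the total pattern text per rule, so a large staff list may need
# to be split across several rules with the same actions.
New-TransportRule @ruleParams

# Confirm the rule and its patterns landed as expected.
Get-TransportRule -Identity 'External User Caution' |
    Select-Object Name, State, Mode, Priority, HeaderMatchesPatterns
```

Once the audit period shows the rule firing only on lookalike senders, rerun with Set-TransportRule -Identity 'External User Caution' -Mode Enforce.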