From Krebs on Security:
“When that email came through, the difference didn’t jump out at me. In hindsight, it blows my mind that it doesn’t bother me more than it did. But in the hustle and bustle of the day, I was not on guard for something like this. Now, I’m second-guessing everything.”
The technique being discussed is known as imposter fraud, CEO fraud, or social hacking.
What’s needed is an Office 365 app that places a toolbar button in Outlook, letting users easily forward the email (either directly or as an attachment) and then perhaps delete the selected email message. This allows users to take part in the defense of corporate email.
And that’s exactly what we developed.
This app was created in response to actual phishing attempts made on our clients’ systems, the hacker attacks on Sony (in which multiple employees were seduced into clicking on links in emails that were not in fact valid links), and the world’s biggest bank robbery, discovered by Kaspersky Lab and dubbed “Carbanak”.
As an IT administrator or corporate security officer, you may be getting a daily barrage of emails from your users, including reports of phishing attempts. The problem comes when you try to organize these emails: they vary by subject, users send the actual email instead of attaching the phishing email to a “safe” email, and you don’t know what they did with the phishing email after they sent it.
And that’s even if your users are motivated enough to report it in the first place!
The Phishing Net app for Office 365 adds a toolbar button to Outlook that makes it super easy for your users to report a suspicious email to your security team. With this add-in in place, once the user has identified a suspicious-looking email, all they have to do is click the Phishing Net toolbar button. The add-in then starts a new email pre-addressed to your IT staff or corporate security officer, grabs the suspicious email and attaches it, then sends that email (we call that the notification email). After that notification email has gone out successfully, it deletes the suspected phishing email. Nothing could be simpler and safer for your users.
The main advantage of handling phishing email attempts like this is that it streamlines the way you work with them. For instance, because the notification email has an identical subject for each occurrence, you can use Outlook rules to funnel all of these notifications to a subfolder, or even create an entirely new mailbox that holds all of the attempts for easy analysis later. From there the phishing emails can be analyzed and dealt with (depending on their severity), and you can even send a company-wide alert if a particularly clever attempt is made on more than one employee. Reporting to a central address gives you information about the kind of attacks that are occurring as well as how many employees are being targeted. Having this kind of quality information lets you know how sophisticated the scammer’s attempt is.
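The analysis step described above can be scripted against the report mailbox. The following is an added example, not Sperry Software's code: it reads notification emails that carry the suspect email as an attachment, recovers the original sender and subject, and lists the attempts that reached more than one employee. The subject text, addresses and function names are assumptions, and the sample reports are constructed.

```python
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

REPORT_SUBJECT = "Suspicious email report"  # assumed fixed subject, not the add-in's own

def build_report(reporter, phish_from, phish_subject, attach=True):
    """Constructed sample: a safe wrapper email with the suspect email attached."""
    phish = EmailMessage()
    phish["From"], phish["To"], phish["Subject"] = phish_from, reporter, phish_subject
    phish.set_content("Please process the attached invoice today.")
    report = EmailMessage()
    report["From"], report["To"] = reporter, "security@example.com"
    report["Subject"] = REPORT_SUBJECT
    report.set_content("Reported with the toolbar button.")
    if attach:
        report.add_attachment(phish)  # stored as a message/rfc822 part
    return report.as_bytes()

def extract_report(raw):
    """Return (reporter, suspect_sender, suspect_subject), or None if unusable."""
    msg = message_from_bytes(raw, policy=policy.default)
    if str(msg["Subject"] or "").strip() != REPORT_SUBJECT:
        return None
    reporter = parseaddr(str(msg["From"] or ""))[1].lower()
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the attached email, headers intact
            sender = parseaddr(str(inner["From"] or ""))[1].lower()
            return reporter, sender, str(inner["Subject"] or "").strip()
    return None  # report arrived without the original attached

def campaigns(raw_reports):
    """Map (sender, subject) to the employees who reported it, when more than one did."""
    targets = defaultdict(set)
    for raw in raw_reports:
        item = extract_report(raw)
        if item:
            reporter, sender, subject = item
            targets[(sender, subject.lower())].add(reporter)
    return {k: sorted(v) for k, v in targets.items() if len(v) > 1}

SAMPLE = [  # constructed reports
    build_report("alice@example.com", "CEO <ceo@example.net>", "Urgent wire transfer"),
    build_report("bob@example.com", "ceo@example.net", "URGENT wire transfer"),
    build_report("carol@example.com", "it@example.org", "Password expiry"),
    build_report("dave@example.com", "ceo@example.net", "Urgent wire transfer", attach=False),
]

if __name__ == "__main__":
    print(campaigns(SAMPLE))
```

The fourth sample report has no attachment, so it cannot be attributed to a sender and is left out of the count; that is the gap that attaching the original closes.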
This add-in, like many Sperry Software add-ins, was made with the input and suggestions of other Sperry Software customers. We think it will make a great addition to your layers of email defenses.
Note: If you or your company is interested in getting a customized version, please get in contact with us for pricing and to discuss options. We have created versions for other companies that pre-fill the address to submit the suspicious emails to (and any of the other options), and disable the options altogether (except for the Submit button obviously).