Email Security Tips

Social engineering attacks on emails have been around for a long time, but of late it has picked up pace with a newer type of scam which is commonly
referred to as Business Email Compromise(BEC).

One of them involves spoofing an address of a top-level official of an organization typically the CEO and mailing wire/fund transfer requests to other email IDs of the organization..

The following articles give an insight into details of the scam process and have info and tips on how to identify against these attacks and use emails safely. .

1) https://www.symantec.com/connect/blogs/scammers-pose-company-execs-wire-transfer-spam-campaign

2) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ceo-fraud-scams-and-how-to-deal-with-them-at-the-email-gateway/

3) https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/here-is-an-email-thread-of-an-actual-ceo-fraud-attack/

We recommend securing your domains by using SPF, DKIM settings for your email and also ensure 2-factor authentication for your email for better protection

We also recommend end-user training so that your users are aware of these kinds of social engineering attacks. This will help them to recognize emails which are either spam or phishing attempts and be better protected against these attacks.