Sophos Central Admin: Sophos Central Engineering will be performing routine maintenance to Sophos Central on Saturday February 1, 2020 starting at 13:00 (UTC). For more info please see KBA 133402.
Phishing emails impersonating well-known brands and VIPs within an organization are a big problem for security teams to deal with. So, we’re excited to announce the ability to now detect and block these impersonation attacks with Sophos Email Advanced.
The Threat from Email Impersonation Phishing Attacks
The latest study from Sophos revealed that five out of ten organizations see malicious emails as their top security concern, with 53% experiencing a phishing attack in the past twelve months. Impersonation attacks are often the hardest to combat, often with no malicious payload to detect. In these attacks, criminals often try to deceive employees, using the name of a trusted sender to encourage victims to reply, click a link, open an attachment, and so on.
Relying on users who scan email sender addresses, these attacks use simple display name forgery, to change the visible part of the email address that we see in many common email clients. Changing the display name to use that of trusted brands, or senior executive within the organization – and it’s highly effective for attackers.
These attacks reign down from free email accounts, and in more targeted attacks, are known to use lookalike domain names, like that of the corporate domain.
This latest enhancement for Sophos Email Advanced offers crucial protection against these impersonation phishing attacks and offers several great advancements:
VIPs are employees in the organization who are most likely to be impersonated by phishing attackers. While all users will receive the same protection, the system will look for external senders impersonating your VIPs and customers may add up to 200 VIPs.
Creating a VIP list in Sophos Central couldn’t be simpler. Either choose to “Add VIPs” by searching your user list for known individuals. Alternatively, if active directory synchronization has been enabled, select “Help me find VIPs” and Sophos Email will look for users with titles that are in line with job roles most likely to be impersonated:
Acting on the Threat
This new service allows email administrators to act on potential threats with policy controls to quarantine suspicious messages, tag the subject line, delete, or warn users - with a banner added to inbound emails.
The enhanced “At Risk Users” report provides a deeper level of visibility into these phishing threats. Providing a breakdown of phishing impersonation attempts received, as well as users either warned or blocked from visiting URLs with malicious content. Drill-down levels provide further insight including: