Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 3615 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sphere Phishing

balletbob

We see a few sphere phishing attacks where someone is pretending to be a staff member. They seem to get through because the FROM address is a valid email address of ours. How we prevent this?

We already have RDNS and SPF checks turned on.



This thread was automatically locked due to age.
Parents
  • 0

    You can do strict RDNS but this may not work and/or increase the amounts of false positives.

    Unfortunately Spear Phishing is incredibly difficult to defend against because it's very nature is a targeted attack on a specific user/person/group using details and information to point that it could be incredibly easy to believe that email is legitimate.

    You could create an SPF TXT record on your domain so that the UTM will refuse emails coming from your domain but not not coming from the IPs you've specified.

    What i'd also suggest you do is work out the IP address of where the emails are coming from and blocking it if you can. Alternatively if you have open email relays inside your network, the scammer may be sending the emails form inside your network already.

    Trying to defend against spear phishing is one of the hardest types of emails to do this for. The only true defense for a spear phish attack is for your employees to be properly educated and confirm with higher ups/remote party (that's being faked) by phone or similar to prevent them doing something that could cause a problem.

Reply
  • 0

    You can do strict RDNS but this may not work and/or increase the amounts of false positives.

    Unfortunately Spear Phishing is incredibly difficult to defend against because it's very nature is a targeted attack on a specific user/person/group using details and information to point that it could be incredibly easy to believe that email is legitimate.

    You could create an SPF TXT record on your domain so that the UTM will refuse emails coming from your domain but not not coming from the IPs you've specified.

    What i'd also suggest you do is work out the IP address of where the emails are coming from and blocking it if you can. Alternatively if you have open email relays inside your network, the scammer may be sending the emails form inside your network already.

    Trying to defend against spear phishing is one of the hardest types of emails to do this for. The only true defense for a spear phish attack is for your employees to be properly educated and confirm with higher ups/remote party (that's being faked) by phone or similar to prevent them doing something that could cause a problem.

Children
No Data
Unfiltered HTML