Forum Discussion

CsimpsonRUS
Copper Contributor
Jul 12, 2019

Possible Phishing using via

Hello All,

Sorry if this isn't the correct medium to address this issue and thanks in advance!

Our AP department here recently received an email from our president requesting payment via wire. The sender info bar showed our president's name, his email address but in parentheses ("President's Name" via ddltraffic.com). The contact icon to the left of his name in the sender info also states "unverified sender".

When I forwarded the email as an attachment to myself it did not show our president's legitimate email after his name, not sure if that makes any difference.

Upon checking message trace I am seeing that the sender seems to be our president's email but I am hesitant to conclude that his email has been compromised since the (via ddltraffic.com) tag is there.

Are there any further steps to identify where exactly this came from and anything I can do to prevent this in the future? 

  • CsimpsonRUS phishing, spam and other malicious stuff via email can be most effectively dealt with via the following 2 techniques.

    1. You should really invest time in performing sender authentication on your mail flow. Read about SPF, DKIM and DMARC. Example: https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/ Most importantly, don't forget that your SPF in soft fail state is basically no protection at all. Make sure it is in hard fail "-" state. Also implement DMARC in combination with SPF to make sure only senders can send as your domain. It is important to implement them both as it is child's play to spoof/impersonate domains and senders.


    2. Implement mail security for zero-day and other advanced malware techniques. There are tons of 3rd party providers out there and also Microsoft offers Advanced Threat Protection for email security.
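For the question of where the message came from, an added example (not part of either post) that compares the From domain with the envelope sender and the SPF/DKIM/DMARC verdicts recorded in the headers. The headers are constructed: example.com stands in for the organisation's own domain, and the verdicts shown are assumed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; example.com stands in for the organisation's own domain.
SAMPLE = """\
Return-Path: <bounce@ddltraffic.com>
Authentication-Results: spf=pass (sender IP is 203.0.113.7)
 smtp.mailfrom=ddltraffic.com; dkim=none (message not signed)
 header.d=none; dmarc=fail action=none header.from=example.com
From: "Presidents Name" <president@example.com>
To: ap@example.com
Subject: Wire payment

Please process today.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    # Simplification: equal or parent/subdomain. Real DMARC relaxed alignment
    # compares organisational domains using the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    auth = msg["Authentication-Results"] or ""
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    m = re.search(r"header\.d=([\w.-]+)", auth)
    dkim_dom = m.group(1).lower() if m else ""
    findings = []
    if env_dom and not aligned(from_dom, env_dom):
        findings.append(f"envelope sender {env_dom} is not aligned with From {from_dom}; "
                        "an SPF pass only vouches for the envelope domain")
    if results.get("dkim") != "pass" or not aligned(from_dom, dkim_dom):
        findings.append(f"no valid DKIM signature from {from_dom}")
    if results.get("dmarc") != "pass":
        findings.append(f"DMARC did not pass for {from_dom}: the From address is unauthenticated")
    return {"from": from_dom, "envelope": env_dom, "results": results, "findings": findings}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print(report["results"])
    for line in report["findings"]:
        print("-", line)
```

Only the Authentication-Results header stamped by your own receiving service should be trusted; copies of that header added upstream can be forged by the sender.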
