{"id":17479,"date":"2020-01-17T11:21:04","date_gmt":"2020-01-17T19:21:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/01\/17\/news-11214\/"},"modified":"2020-01-17T11:21:04","modified_gmt":"2020-01-17T19:21:04","slug":"news-11214","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2020\/01\/17\/news-11214\/","title":{"rendered":"Don\u2019t let imposters into your inbox"},"content":{"rendered":"<p><strong>Credit to Author: Rich Beckett| Date: Fri, 17 Jan 2020 18:46:03 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p>Phishing emails impersonating well-known brands and VIPs within an organization are a big problem for security teams to deal with. So, we\u2019re excited to announce that you&#8217;ll now be able to detect and block these impersonation attacks with Sophos Email Advanced.<\/p>\n<h2>Email impersonation phishing attacks in action<\/h2>\n<p>In our <a href=\"https:\/\/secure2.sophos.com\/en-us\/security-news-trends\/whitepapers\/gated-wp\/next-gen-firewall-achilles-heel.aspx?cmp=26058\">latest study<\/a>, we found that five out of ten organizations view malicious emails as their top security concern, with 53% experiencing a phishing attack in the past twelve months.<\/p>\n<p>Impersonation attacks are often the hardest to combat, and usually with no malicious payload to detect. In these attacks, criminals regularly try to deceive employees, using the name of a trusted sender to encourage victims to reply, click a link, open an attachment, and so on.<\/p>\n<p>Relying on users to merely scan email sender addresses, these attacks use simple display name forgery to change the visible part of the email address that we see in many common email clients.<\/p>\n<p>Changing the display name to that of a trusted brand or a senior executive within the organization is a simple but effective technique for attackers.<\/p>\n<p>These attacks reign down from free email accounts, and in more targeted attacks, are known to use lookalike domain names, like that of the corporate domain.<\/p>\n<h2>The latest highlights<\/h2>\n<p>The most recent enhancement for Sophos Email Advanced offers crucial protection against these impersonation phishing attacks as well as several great advancements:<\/p>\n<ul>\n<li>Compares the display name of inbound emails to the display name of commonly abused cloud service brand names and to VIPs within the customers organization to check for matches. These could be the CEO, CFO, and HR Director, etc.<\/li>\n<li>Provides a simple wizard to identify and add VIPs within the organization to your policy for analysis with all inbound messages.<\/li>\n<li>Compares header information, analyzing the display name in relation to the full email address and domain name used, to identify free email domains, lookalike domains of popular cloud services such as Microsoft, Amazon, and VIP name impersonation attempts.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"63546\" data-permalink=\"https:\/\/news.sophos.com\/en-us\/2020\/01\/17\/dont-let-imposters-into-your-inbox\/policy\/\" data-orig-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png\" data-orig-size=\"1572,648\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Policy\" data-image-description=\"\" data-medium-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=300\" data-large-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=640\" class=\"aligncenter size-full wp-image-63546\" src=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=640&#038;h=264\" alt=\"\" width=\"640\" height=\"264\" srcset=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=640&amp;h=264 640w, https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=1280&amp;h=528 1280w, https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=150&amp;h=62 150w, https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=300&amp;h=124 300w, https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=768&amp;h=317 768w, https:\/\/sophos.files.wordpress.com\/2020\/01\/policy.png?w=1024&amp;h=422 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2>Identifying VIPs<\/h2>\n<p>VIPs are employees in the organization who are most likely to be impersonated by phishing attackers.<\/p>\n<p>While all users will receive the same protection, the system will look for external senders impersonating your VIPs, and you can add up to 200 VIPs to the list.<\/p>\n<p>Creating a VIP list in Sophos Central couldn\u2019t be simpler. You can choose to \u201cAdd VIPs\u201d by searching your user list for known individuals.<\/p>\n<p>Alternatively, if active directory synchronization has been enabled, select \u201cHelp me find VIPs\u201d and Sophos Email will look for users with titles that are in line with job roles most likely to be impersonated:<\/p>\n<ul>\n<li>CEO<\/li>\n<li>President<\/li>\n<li>Chief Financial Officer<\/li>\n<li>CFO<\/li>\n<li>Finance Director<\/li>\n<li>Human Resources Director<\/li>\n<li>HR Director<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"63548\" data-permalink=\"https:\/\/news.sophos.com\/en-us\/2020\/01\/17\/dont-let-imposters-into-your-inbox\/vips\/\" data-orig-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png\" data-orig-size=\"1597,720\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"VIPs\" data-image-description=\"\" data-medium-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=300\" data-large-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=640\" class=\"aligncenter size-full wp-image-63548\" src=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=640&#038;h=289\" alt=\"\" width=\"640\" height=\"289\" srcset=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=640&amp;h=289 640w, https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=1280&amp;h=578 1280w, https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=150&amp;h=68 150w, https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=300&amp;h=135 300w, https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=768&amp;h=346 768w, https:\/\/sophos.files.wordpress.com\/2020\/01\/vips.png?w=1024&amp;h=462 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2>Acting on the threat<\/h2>\n<p>This new service allows email administrators to act on potential threats with policy controls to quarantine suspicious messages, tag the subject line, delete them or warn users with a banner added to inbound emails.<\/p>\n<p>The enhanced \u201cAt Risk Users\u201d report gives a deeper level of visibility into these phishing threats. It provides a breakdown of phishing impersonation attempts received, as well as any users who have either been warned or blocked from visiting URLs with malicious content. Drill-down levels provide further insight, including:<\/p>\n<ul>\n<li><strong>Number of impersonation emails received by user <\/strong>allows you to easily see those most targeted<\/li>\n<li><strong>Impersonation type<\/strong>: VIP or brand impersonation<\/li>\n<li><strong>Summary information for each phishing email<\/strong> including display name and email address used, and whether the recipient replied<\/li>\n<li><strong>Full visibility of email header, message content and attachment types<\/strong><br \/> <img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"63550\" data-permalink=\"https:\/\/news.sophos.com\/en-us\/2020\/01\/17\/dont-let-imposters-into-your-inbox\/impersonation-report\/\" data-orig-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png\" data-orig-size=\"1909,805\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Impersonation Report\" data-image-description=\"\" data-medium-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=300\" data-large-file=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=640\" class=\"aligncenter size-full wp-image-63550\" src=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=640&#038;h=270\" alt=\"\" width=\"640\" height=\"270\" srcset=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=640&amp;h=270 640w, https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=1280&amp;h=540 1280w, https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=150&amp;h=63 150w, https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=300&amp;h=127 300w, https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=768&amp;h=324 768w, https:\/\/sophos.files.wordpress.com\/2020\/01\/impersonation-report.png?w=1024&amp;h=432 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/li>\n<\/ul>\n<h2>Superior phishing protection<\/h2>\n<p>The level of phishing protection added to Sophos Email in this latest release offers incredible value, with simple controls that help ensure protection is in place quickly.<\/p>\n<p><strong>Social engineering<\/strong><br \/> Suspicious messages can be blocked, quarantined, tagged with a subject line or have a warning banner added.<\/p>\n<p>As well as the new impersonation protection, Sophos Email scans all inbound email in real-time, searching for key phishing indicators with SPF, DKIM and DMARC authentication techniques and email header anomaly analysis.<\/p>\n<p><strong>Malicious URLs and attachments<\/strong><br \/> Real-time malicious URL detection and AI-powered sandboxing.<\/p>\n<p>For phishing protection against malicious URLs or attachments that may contain malware, Sophos Email\u00a0 provides real-time URL scanning and Time of Click URL rewriting to analyze any URL before it gets clicked. Then Sophos Sandstorm, our AI-powered cloud sandbox, detonates suspicious files to ensure malware never reaches the inbox.<\/p>\n<p><strong>User education<\/strong><br \/> Intelligent cybersecurity awareness training.<\/p>\n<p>Sophos Synchronized Security connects Sophos Email to Phish Threat, the Sophos phishing simulation and training platform.<\/p>\n<p>Users who have been warned or blocked from visiting a risky website or replying to a spear phishing email are identified and then seamlessly enrolled onto targeted phishing simulations and training to improve awareness. A Phish Threat license is required.<\/p>\n<p>To find out more visit the <a href=\"http:\/\/sophos.com\/email\">Sophos Email Security<\/a> page.<\/p>\n<\/p><\/div>\n<p><a href=\"http:\/\/feedproxy.google.com\/~r\/sophos\/dgdY\/~3\/u4JD_34SGw0\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/sophos.files.wordpress.com\/2020\/01\/email-hero-banner-desktop.png\"\/><\/p>\n<p><strong>Credit to Author: Rich Beckett| Date: Fri, 17 Jan 2020 18:46:03 +0000<\/strong><\/p>\n<p>Email impersonation protection is now available in Sophos Email Advanced.&lt;img src=&#8221;http:\/\/feeds.feedburner.com\/~r\/sophos\/dgdY\/~4\/u4JD_34SGw0&#8243; height=&#8221;1&#8243; width=&#8221;1&#8243; alt=&#8221;&#8221;\/&gt;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[23960,10401,10394,19484],"class_list":["post-17479","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-email-impersonation-protection","tag-enduser","tag-sophos-email","tag-sophos-email-advanced"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17479"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17479\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}