GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » Product Feedback » Kerio Connect Feedback » Full Name vs Sender comparison phishing check
Full Name vs Sender comparison phishing check [message #146625] Wed, 18 September 2019 14:44 Go to next message
jcooper is currently offline  jcooper
Messages: 113
Registered: May 2009
Location: Syracuse, NY
Add field/setting to filters so the following rule could be run on the server:

IF senderFriendlyName IS IN Users.FullName AND SenderAddress DOES NOT CONTAIN domain.com, perform action.

Example: email appears to be from me, but is actually from someone faking my name, I can flag it as spam:

==============
From: Jeff Cooper <evilhacker<_at_>gmail.com>
To: End User <enduser<_at_>mydomain.com>
SUBJECT: Important Task
MESSAGE: Please click this link to send gift cards to an important client!
==============

Most end-users do not bother checking the address of the sender, only react (clicking a bad link or something) when they recognize the name.

Thanks,

Jeff

Report message to a moderator

Re: Full Name vs Sender comparison phishing check [message #146634 is a reply to message #146625] Thu, 19 September 2019 07:53 Go to previous messageGo to next message
Raptortilla is currently offline  Raptortilla
Messages: 10
Registered: August 2019
We would appreciate that, too, because we have the same problem. Thank you!

Report message to a moderator

Re: Full Name vs Sender comparison phishing check [message #146690 is a reply to message #146625] Fri, 27 September 2019 19:49 Go to previous messageGo to next message
SiriusMac is currently offline  SiriusMac
Messages: 98
Registered: April 2010
jcooper wrote on Wed, 18 September 2019 05:44
Add field/setting to filters so the following rule could be run on the server:

IF senderFriendlyName IS IN Users.FullName AND SenderAddress DOES NOT CONTAIN domain.com, perform action.

Example: email appears to be from me, but is actually from someone faking my name, I can flag it as spam:

==============
From: Jeff Cooper <evilhacker<_at_>gmail.com>
To: End User <enduser<_at_>mydomain.com>
SUBJECT: Important Task
MESSAGE: Please click this link to send gift cards to an important client!
==============

Most end-users do not bother checking the address of the sender, only react (clicking a bad link or something) when they recognize the name.

Thanks,

Jeff
Yes! We are seeing more and more of this type of attack, made all the more difficult as Outlook seems to be going out of its way to mask the email address from the senderFriendlyName. The challenge as I see it is determining how to differentiate between, using the example presented "From: Jeff Cooper <evilhacker<_at_>gmail.com>" and "From: Jeff Cooper [RealJeffCooper]<_at_>gmail.com>.

Report message to a moderator

Re: Full Name vs Sender comparison phishing check [message #146691 is a reply to message #146634] Fri, 27 September 2019 20:20 Go to previous message
dhendr@tlcd is currently offline  dhendr@tlcd
Messages: 3
Registered: June 2010
Full Name vs Sender comparison phishing check
We are experiencing the same problem and would like to see this feature too.

Report message to a moderator

Previous Topic: SRS Support
Next Topic: Forced TLS
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Jun 07 04:24:43 CEST 2023

Total time taken to generate the page: 0.02335 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software