Steps to avoid Spoofing and Phishing of mail


A common tactic scammers use is to send emails using the display name of someone within the company and an external email address. Some users won’t notice that the email didn’t come from the user with the display name and deal with the email as if it was genuine.


Following are the steps to mitigate the impact of these mail


Step 1: Add display name to user profiles on Spam Titan


You can configure Spam Titan to stop the delivery of such mail to any users on your domain, by simply associating the display name of the sender with the official email id.  Once you do this, Spam Titan will only pass through mail whose display name matches the email id. 


We recommend that this configuration is done for all or key people in your organization.  

Refer to this topic for the simple steps.


Step 2: Caution header added to alert users on receiving external mails

To help users notice that the mail has originated from outside your organization, we have added a caution to the start of every mail from an external source which looks something like this:


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


(If caution is not enabled for your domain - please contact us to do so via a ticket)


Step 3: Enable SPF check on incoming mail

Confirm with the Mithi team via a ticket that the SPF is checked on incoming mail.


Step 4: Configure the desktop clients to show the email id along with the display name


The steps to do so are mentioned in the following topics:

https://helpcenter.mithi.com/en/support/solutions/articles/48001216926-showing-display-name-along-with-email-id-in-outlook

https://helpcenter.mithi.com/en/support/solutions/articles/48001216928-showing-display-name-along-with-email-id-in-thunderbird


Step 5: Educate your end-users to look out for


To protect your organization from such attacks, we urge you to do the following without any delay:

  1. Educate users to pay close attention to email details.
    1. Check the display name and the email id for all emails concerning financial transactions 
    2. Check the display name and email ids of all emails before opening any attachments
    3. Exercise caution while clicking on any images/links
    4. Do not reply to a mail without verifying the source
    5. Do not open any links or attachments or take action on any emails which seem to be from a user in your domain, but which have the above cautionary header.
  2. Make a habit of continuously educating users. Have mock drills to check whether users are still following old habits.


Step 6: Strengthen the security of your email setup with the following:


  1. Password complexity - Make sure users are using complex passwords, do not allow them to specify simple hackable passwords 
  2. Password expiry - Passwords should not be valid for more than a month and this can be controlled by the password expiry feature. 
  3. Password history - Having a minimum of 3 previous passwords maintained in history ensures that older passwords are not used for a minimum time period. 
  4. Access control - Using access control, you can limit the access from known IP address ranges, limiting hackers' access to your accounts.
  5. Use secure ports only for access - Use secure ports such as HTTPS, POPS, IMAPS, and SMTP over TLS when configuring access to accounts.
  6. Use PGP encryption for critical mail flow 
  7. Enable SPF, DKIM check for incoming mails from external domains (Impact is in absence of this your valid mails will get rejected)
  8. Confirm your DNS records are intact with proper/valid SPF, DKIM, and DMARC entries 
  9. Review your DLP configurations


Step 7:     Make sure your desktops and networks are secure

    1. Confirm antivirus, anti-ransomware, anti-malware, and anti-spyware are enabled on desktops and are regularly getting updated 
    2. Confirm intrusion detection is enabled on your firewall
    3. Implement VPN access for users connecting from outside 
    4. Make sure all important server and endpoint data are backed up to external or cloud storage.


Step 8:    Adding a pattern filter


                 1. If the similar format spam mails getting delivered on daily basis you can add a pattern filter to block the mails.

                 2. You can apply a pattern filter if you don't want the spam mails to land inquarantine section, it will get blocked.                      3. Please refer to the below solution docs for adding the pattern filter:

                    https://helpcenter.mithi.com/en/support/solutions/articles/48001232169--securemailflow-spamtitan-how-to-apply-pattern-filtering