At the small company I work at we see this sort of attack frequently.
Especially this time of year when the crooks dust off the ol’ “Busy
boss here. Need’ya to buy me gift cards as client gifts” scam. Over
the years, at least one employee has fallen for this, and another came
close. During non-holiday periods we get occasional waves of
“employees” mailing one another “invoices”, as though this would
be a common practice(?)
Anyway, I just set up a list of key/long-tenured/frequently spoofed
employee names along with common variants and quarantine anything
purporting to come from them which originates from outside our
organization. This takes a bit of white listing for those wayward
employees who email themselves pictures and whatnot from personal
accounts as a means of transferring files, but otherwise it’s not much
work and reasonably effective.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
