On Mon, 27 Jun 2016 18:41:04 +0530 Ram <r...@netcore.co.in> wrote:
> I am seeing messages that appear to come from the MD or the CEO of
> the company to the accounts department asking people to transfer
> money to some fake account.
>
> These messages were initially few and I ignored them. But now this has
> become a problem.
> I know these are not spam messages, so catching them will be out of
> scope for a spam filter.
>
> These messages have different envelope ids, so SPF checks always pass.
> The header From is properly formatted, exactly how it will be in a
> normal mail.
>
> What measures do you take for such spear phishing?
>
> Thanks
> Ram
You're not using the proper tools. You cannot expect SpamAssassin to magically prevent all such messages. Just because SpamAssassin or any other filter passes such a message does not mean it is valid. Using SpamAssassin and filters to block such messages gives a false sense of security and leads to false assumptions of authenticity. Your company must enforce strict AP controls to prevent payouts based on such messages, and the controls must apply to everyone, including the CEO. Those are the proper tools. Given that these messages are appearing more frequently, it may be that some have already been successful. I suggest you consider an AP audit to ensure that this is not the case.
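As an added illustration, not code from either poster, of the header-level checks a mail admin can layer underneath the AP controls above: the original question notes that the envelope sender varies (so SPF passes) while the header From looks exactly like a normal internal mail. The example below flags two things that such messages tend to get wrong: an executive's display name paired with an address outside the company domain, and a Return-Path or Reply-To domain that does not match the header From domain. The company domain (example.com), the executive names and the three sample messages are constructed assumptions; the check is meant to add score in a filter, not to replace SPF, DKIM or the AP process.

```python
"""Added example: flag display-name impersonation of executives in inbound
mail.  Not code from the thread; the domain, the executive list and the
sample messages are constructed for illustration."""
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the company's own mail domain and the display
# names an impersonator is likely to imitate (CEO and MD here).
INTERNAL_DOMAIN = "example.com"
PROTECTED_NAMES = {"Jane Smith", "Ravi Kumar"}


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _normalise(name: str) -> str:
    """Collapse case, commas and whitespace so 'Smith, Jane' != 'jane smith' is avoided."""
    return " ".join(name.replace(",", " ").split()).lower()


def impersonation_reasons(raw: str) -> list:
    """Return a list of reasons this message looks like executive impersonation.

    An empty list means no heuristic fired.  Only headers present on every
    message are used, so this runs alongside SPF/DKIM rather than replacing
    them; Return-Path mismatches also occur with mailing lists and
    forwarding, so treat each reason as score, not as a verdict.
    """
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    reasons = []

    # 1. Protected display name on an address outside the company domain.
    protected = {_normalise(n) for n in PROTECTED_NAMES}
    if _normalise(name) in protected and from_domain != INTERNAL_DOMAIN:
        reasons.append(f"display name {name!r} used with external address {from_addr}")

    # 2. Envelope sender (Return-Path) from a different domain than header From.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and _domain(return_path) != from_domain:
        reasons.append(f"Return-Path domain {_domain(return_path)} differs from From domain {from_domain}")

    # 3. Reply-To steering replies away from the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {from_domain}")

    return reasons


# Constructed sample messages (headers only matter for the checks above).
SAMPLE_EXTERNAL = """\
Return-Path: <jane.smith.ceo@free-mail.example>
From: "Jane Smith" <jane.smith.ceo@free-mail.example>
To: accounts@example.com
Subject: Urgent transfer

Please process the attached payment today.
"""

SAMPLE_SPOOFED_FROM = """\
Return-Path: <bounce@relay-host.example>
From: "Ravi Kumar" <ravi.kumar@example.com>
Reply-To: <ravi.kumar@secure-mail.example>
To: accounts@example.com
Subject: Confidential

Reply to this address only.
"""

SAMPLE_LEGIT = """\
Return-Path: <ravi.kumar@example.com>
From: "Ravi Kumar" <ravi.kumar@example.com>
To: accounts@example.com
Subject: Q2 numbers

See attached.
"""

if __name__ == "__main__":
    for label, sample in [("external", SAMPLE_EXTERNAL),
                          ("spoofed-from", SAMPLE_SPOOFED_FROM),
                          ("legit", SAMPLE_LEGIT)]:
        print(label, impersonation_reasons(sample) or "clean")
```

In practice the same three conditions map onto SpamAssassin header rules and a meta rule that adds score when a protected name appears with an external From or a mismatched Return-Path; the Python version is just easier to read and test in one place.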