Beware the anonymous email message

Don't respond, contact IT

Luckily for Lyndon Brown, employees at US hotel company Wyndham International are well-trained. They know that email from the IT department always comes from the vice president of customer service in IT. So when some employees got a message from [email protected] that said IT would delete their email accounts if they didn't respond with their passwords, they didn't bite. Instead, two employees forwarded the message to Brown, Wyndham's manager of strategic support systems.

The employees' suspicions were well-founded. The message was not from IT, but had slipped through the company's email gateway from the outside because a spoofed "from" address made it look like an internal message.
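One way a mail gateway can flag the kind of spoof described above, as an added example that is not from the article or from Wyndham's own setup; it assumes the company domain is example.com and that its own relays sit in 10.0.0.0/8, and the sample messages are constructed:

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the company's domain and the address
# range of its own mail relays.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def gateway_peer_ip(msg):
    """IP of the host that handed the message to our gateway, read from the
    topmost Received: header (the one our own gateway wrote, which an outside
    sender cannot forge the way it can forge earlier Received: lines)."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return ipaddress.ip_address(m.group(1)) if m else None

def is_spoofed_internal(raw_message):
    """True if From: claims the internal domain but the message did not
    reach the gateway from an internal relay."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != INTERNAL_DOMAIN:
        return False                 # external sender; not this rule's concern
    peer = gateway_peer_ip(msg)
    if peer is None:
        return True                  # claims internal origin, no traceable hop
    return not any(peer in net for net in INTERNAL_NETS)

# Constructed sample messages modelled on the incident described above.
SPOOFED = """Received: from mx.outside.invalid (unknown [203.0.113.5])
\tby gateway.example.com with ESMTP; Mon, 1 Mar 2004 09:00:00 +0000
From: IT Department <it@example.com>
Subject: Verify your password or lose your mailbox

Reply with your password within 24 hours.
"""
LEGIT = """Received: from relay1.example.com (relay1.example.com [10.1.2.3])
\tby gateway.example.com with ESMTP; Mon, 1 Mar 2004 09:05:00 +0000
From: IT Department <it@example.com>
Subject: Scheduled maintenance

Mail will be unavailable Saturday 02:00-04:00.
"""
```

A message that fails the check is a candidate for quarantine rather than delivery, which is the behaviour the article later describes Wyndham adopting.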

No harm came of the message because no one responded to it. In fact, no one could have, since the return address was invalid. But the incident gave Brown pause. Had the return address been usable and employees less cautious, it could have been disastrous. "If a user had put in his name and password, he would have been giving access to the network away," he says.

Any company with corporate data worth safeguarding should be concerned about phishers who might pose as an internal department to trick employees into giving up passwords to corporate systems.

"Every company is vulnerable to internal phishing," says Matt Cain, senior vice president of Meta Group. "It's a matter of how strong your spam defenses are."

If they're not strong, watch out. Cain knows of one phisher who launched an attack against a company, systematically emailing thousands of possible addresses in the company's domain to see which ones were valid.

A week later, the phisher launched a second attack, culled the new addresses from the second week's list and sent that group a message purporting to be from IT. The message asked users to verify their passwords. Several new employees didn't know any better and complied. Although Cain doesn't know whether the phisher actually got at corporate data, IT nevertheless had to mop up.

At Wyndham, after IT got spoofed three times in eight months, Brown decided to shore up his spam defences by implementing MailFrontier's antifraud feature, which tells users when messages have been quarantined because they look fraudulent.

He's also trying to raise employees' awareness of what should and shouldn't arrive in email, and is considering developing an online tutorial on email dos and don'ts. In addition to investing in technology, Brown also appeals to a higher power. "I say a prayer every now and then," he says.
