Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tmekelburg1
Community Champion
‎01-07-2018 09:33 PM
‎01-07-2018 09:33 PM

Appending received external email with warning message to users?

In the recent ISC2 certmag there is a bank adding warning messages to their users received external email about not clicking on suspicious links or opening up attachments and it got me wondering. It seems like a good idea warning our users every time they get an external email. But would they see it so often, it would lose it's intent after a while? Anybody else have experience with implementing something like this?
Reply
0 Kudos
6 Replies
Early_Adopter
Community Champion
‎01-07-2018 11:08 PM
‎01-07-2018 11:08 PM

Yeah, anything that becomes an 'always on' warning in most cases tends to be mentally filed under processing overhead and ignored.

 

If someone gets a lot of external emails, and it comes with an extra disclaimer or click-through every time then this is probably going to be filtered out.

 

If however, the warning can be provided to the user at specific boundaries when there is a heightened risk of an attack or a mistake, then this makes sense:

 

  • The message is sent by an unusual sender;
  • Unusual content is present in the email;
  • The recipient is opening the email at an unusual time(they may be tired).

This is of course not exhaustive, but when you are competing with a lot of distraction it pays to be sparing.

 

 

Reply
0 Kudos
Davidr-uk
Newcomer I
‎01-08-2018 03:18 AM
‎01-08-2018 03:18 AM

I have something in place just a warning. If you want to look for something, search for visual clue warning for exchange.

 

I think for my users, something is better than nothing 

Reply
0 Kudos
Gonif
Newcomer I
‎01-08-2018 04:05 AM
‎01-08-2018 04:05 AM

I would recommend using an email security product that checks out links in emails and removes them if they are deemed untrustworthy. 

Another way is to add a 'Suspicious Email' button to the email tool bar which sends the email to an IT Help Desk or similar who can then check out the link in a secure environment.

I agree that if the message is always there it will lose its effectiveness unless it is reworded or as part of an awareness program that covers various security vulnerabilities.

Reply
erwindus
Contributor II
‎01-08-2018 04:56 AM
‎01-08-2018 04:56 AM

Adding a warning to external e-mails makes sense if the number of external e-mails is small compared to the number of internal e-mails. If the majority is external, it's overkill.

 

However, the trigger for this warning seems to be the sender's e-mail address and not the external link in the e-mail. If this is true, internal e-mails that have external links included will be missed which would defeat the purpose of the warning message.

 

In the end, it's the user's willingness to be vigilant.

Reply
0 Kudos
Slaine
Viewer
‎01-08-2018 07:29 AM
‎01-08-2018 07:29 AM

The problem you have is that domains that are whitelisted appear as trusted domains so the warning wouldn't get applied. The answer is to educate the users to recognized genuine emails against SPAM or those containing malicious content, i.e. hyperlinks and attachments. Just tagging external mail will eventually become white noise in your email system and people will not care what they click on. So get them to identify the signs of suspicious emails and give them an avenue to send those suspect emails to a team who can evaluate the email safely.

Reply
0 Kudos
tmekelburg1
Community Champion
‎01-08-2018 09:54 AM
‎01-08-2018 09:54 AM

They had it setup as a transport rule so I'm not sure if they had the issue of not getting it added to all externally received mail. We just started using Knowbe4 as a training tool and phishing awareness. I'm really impressed with it so far.
Reply
0 Kudos