cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Viewer II

Appending received external email with warning message to users?

In the recent ISC2 certmag there is a bank adding warning messages to their users received external email about not clicking on suspicious links or opening up attachments and it got me wondering. It seems like a good idea warning our users every time they get an external email. But would they see it so often, it would lose it's intent after a while? Anybody else have experience with implementing something like this?
6 Replies
Community Champion

Re: Appending received external email with warning message to users?

Yeah, anything that becomes an 'always on' warning in most cases tends to be mentally filed under processing overhead and ignored.

 

If someone gets a lot of external emails, and it comes with an extra disclaimer or click-through every time then this is probably going to be filtered out.

 

If however, the warning can be provided to the user at specific boundaries when there is a heightened risk of an attack or a mistake, then this makes sense:

 

  • The message is sent by an unusual sender;
  • Unusual content is present in the email;
  • The recipient is opening the email at an unusual time(they may be tired).

This is of course not exhaustive, but when you are competing with a lot of distraction it pays to be sparing.

 

 

Newcomer I

Re: Appending received external email with warning message to users?

I have something in place just a warning. If you want to look for something, search for visual clue warning for exchange.

 

I think for my users, something is better than nothing 

Newcomer I

Re: Appending received external email with warning message to users?

I would recommend using an email security product that checks out links in emails and removes them if they are deemed untrustworthy. 

Another way is to add a 'Suspicious Email' button to the email tool bar which sends the email to an IT Help Desk or similar who can then check out the link in a secure environment.

I agree that if the message is always there it will lose its effectiveness unless it is reworded or as part of an awareness program that covers various security vulnerabilities.

Newcomer III

Re: Appending received external email with warning message to users?

Adding a warning to external e-mails makes sense if the number of external e-mails is small compared to the number of internal e-mails. If the majority is external, it's overkill.

 

However, the trigger for this warning seems to be the sender's e-mail address and not the external link in the e-mail. If this is true, internal e-mails that have external links included will be missed which would defeat the purpose of the warning message.

 

In the end, it's the user's willingness to be vigilant.

Viewer

Re: Appending received external email with warning message to users?

The problem you have is that domains that are whitelisted appear as trusted domains so the warning wouldn't get applied. The answer is to educate the users to recognized genuine emails against SPAM or those containing malicious content, i.e. hyperlinks and attachments. Just tagging external mail will eventually become white noise in your email system and people will not care what they click on. So get them to identify the signs of suspicious emails and give them an avenue to send those suspect emails to a team who can evaluate the email safely.

Viewer II

Re: Appending received external email with warning message to users?

They had it setup as a transport rule so I'm not sure if they had the issue of not getting it added to all externally received mail. We just started using Knowbe4 as a training tool and phishing awareness. I'm really impressed with it so far.