We're re-publishing this important vendor communication.
I wanted to reach out to share some best practices, data, and updates from the Proofpoint team around a critical attack vector. There have been many well publicized incidents recently of "business email compromise", highly targeted campaigns going after HR or finance departments, all of which rely on attackers convincing users that they are someone else. For example, a vendor needing payment, or an executive requesting a wire transfer or needing specific information like employee W2 data during tax season. That underlying approach is what we call "impostor email threats." Proofpoint researchers described these threats in a recent blog post, pointing out that they are natural extensions of the evolving phishing schemes we have seen for over the past decade.
In light of the recent uptick in attacks and the significant risk they pose, we recommend the following immediate actions:
Strongly consider enabling the “impostor email detection setting” in Proofpoint Essentials to best defend your users from these threats. We’ve documented the best practices for configuring these rules in this Knowledge Base article.
Make your Customer’s HR, Finance, and other teams aware of the types of emails they may receive. Recently, Proofpoint blocked emails with subject lines ranging from personal and familiar ("FYI, James" or "Hello Matt”) to specific and urgent ("WIRE REQUEST!!!", "Request for March 04,2016", and "Request For All Employees' W2s, Friday 4th March, 2016).
Connect with your Proofpoint team for further information regarding the new impostor email detection we’ve added to Proofpoint Essentials.
Click here for Info Graphic
Please do not hesitate to contact the team if you have any questions.