How to Fight Back Against Phishing

 

Phishing largely depends on these three factors:

  • It is essentially free to send email

  • It is technically trivial to fake an email return address

  • Email clients are designed with convenience in mind

The External Email – Use Caution Label

Email clients often display a friendly name when listing emails and show the true return address only when the message properties are inspected more closely. That is convenient, but the friendly name is trivial to fake. In my message list, it appears as if Ed Schlesinger is writing me an important note. Only if I check the top of the message will I see that it is really from fake.dean.ed@gmail.com.

Here’s an example, but with the External Email – Use Caution label enabled.

The situation is worse on mobile email clients, which often don’t have the screen space to display the return address at all.

The obvious tip-off, the one that should make you pause when an email appears to come from a work colleague, is the big red External Email – Use Caution warning. How is this turned on? In MyJH, go to Messaging -> Email Settings and turn on the external email tag. The change takes about 30 minutes to become effective.
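The check behind such a label can be sketched in a few lines. The following is an added example, not MyJH's or any mail system's actual implementation: it separates the friendly name from the real address in a From header, tags anything outside the organization's domains, and notes when an external sender is using a colleague's name. The domain `example.edu`, the staff list, and the function names are assumptions made for illustration, and the From address is taken as written in the header.

```python
from email.utils import parseaddr

# Assumptions for this sketch: a placeholder domain and a constructed staff list.
INTERNAL_DOMAINS = {"example.edu"}
STAFF_NAMES = {"ed schlesinger"}
LABEL = "[External Email – Use Caution]"


def is_internal(address, internal_domains=INTERNAL_DOMAINS):
    """True only if the domain is an internal domain or a subdomain of one."""
    _, at, domain = address.rpartition("@")
    if not at:
        return False  # no usable address: treat as external
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def assess_from_header(from_header):
    """Split a From header into friendly name and real address, then judge it."""
    display, address = parseaddr(from_header)
    external = not is_internal(address)
    name = " ".join(display.lower().split())  # normalize case and spacing
    return {
        "display": display,
        "address": address,
        "external": external,
        # A colleague's name on an outside address is the case described above.
        "name_matches_staff": external and name in STAFF_NAMES,
    }


def label_subject(subject, from_header):
    """Prefix the subject with the caution label when the sender is external."""
    if assess_from_header(from_header)["external"] and not subject.startswith(LABEL):
        return f"{LABEL} {subject}"
    return subject


if __name__ == "__main__":
    # Constructed sample headers; only the first address appears on this page.
    for header in (
        "Ed Schlesinger <fake.dean.ed@gmail.com>",
        "Ed Schlesinger <ed@example.edu>",
        "Help Desk <help@example.edu.mail.test>",
    ):
        print(assess_from_header(header), "|", label_subject("Important note", header))
```

The suffix comparison requires an exact domain or a dot-separated subdomain, so lookalikes such as `example.edu.mail.test` or `notexample.edu` still receive the label.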