Interesting Anti-Phishing Effort–Prepending Warnings To Emails That Originated Outside the Organizational Domain

So this has apparently been around for a while in Office 365 implementations, but I just ran across it in the wild recently. Transport rules can be configured to display a warning on all received emails that were not sent by someone from within the organization, such as this example:

I thought it was an interesting idea, but apparently people who have deployed this in their organizations find a number of issues:

  1. The warning only appears if you are using Outlook. If I switch and view the message in Thunderbird, no warning.
  2. Not surprisingly, users apparently ignore the warning after a while.
  3. To the extent it does work, I would be concerned that users would assume any messages that do not carry the warning are therefore safe. But, at least from my experience, the most effective phishing attacks are two-stage affairs that rely first on compromising a number of organizational accounts, and then on using those accounts to spread the actual phishing attack. The lack of a warning on those emails may ultimately lull employees into a false sense of security.
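For reference, this is what such a transport rule looks like when created from Exchange Online PowerShell. It is an added example, not the configuration from the post or from Microsoft's documentation; it assumes an open `Connect-ExchangeOnline` session (ExchangeOnlineManagement module), and the rule name, banner text and comment are hypothetical. The rule is scoped exactly the way the post describes, so the third issue is visible in its definition: `FromScope NotInOrganization` matches only senders who are not authenticated mailboxes in the tenant, which is why mail sent from a compromised internal account is never stamped.

```powershell
# Added example (not from the original post). Assumes an Exchange Online
# PowerShell session; rule name, banner text and comment are hypothetical.

$banner = @"
<div style="background-color:#ffeb9c;border:1px solid #9c6500;padding:6px;font-family:sans-serif;font-size:12px;">
<b>CAUTION:</b> This message originated from outside the organization.
Do not click links or open attachments unless you recognize the sender and know the content is safe.
</div>
"@

# Splatting keeps each setting on its own line, which also allows comments
# (a trailing comment after a backtick continuation would break the command).
$rule = @{
    Name                              = "External Sender Warning (added example)"
    FromScope                         = "NotInOrganization"  # sender is not an authenticated mailbox in this tenant
    SentToScope                       = "InOrganization"     # only stamp mail delivered to internal recipients
    ApplyHtmlDisclaimerLocation       = "Prepend"            # banner goes at the top of the body
    ApplyHtmlDisclaimerText           = $banner
    ApplyHtmlDisclaimerFallbackAction = "Wrap"               # if the body cannot be modified (e.g. signed mail), wrap it in a new message
    PrependSubject                    = "[EXTERNAL] "        # subject tag shows even where the HTML body does not render
    Comments                          = "Flags mail from outside the tenant. Mail from compromised internal accounts is NOT flagged."
}
New-TransportRule @rule

# Verify the rule is enabled and scoped as intended before relying on it.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Priority, FromScope, SentToScope, ApplyHtmlDisclaimerLocation, PrependSubject
```

Two practitioner notes on the issues listed above. A disclaimer and subject tag added by a transport rule are written into the message as delivered, so they travel with it to any client that renders the body or subject; the warning that is Outlook-specific is the separate native External tag enabled with `Set-ExternalInOutlook`, which the client draws itself. And because the rule keys on where the sender authenticated rather than on anything about the content, the absence of the banner says only that the message came from inside the tenant, not that it is safe; treating internal-origin mail with unusual links or attachments as a signal worth investigating (rather than as implicitly trusted) is what closes the gap the third point describes.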

