c/cybersecurity-tips · uma_taylor47 · 11d ago · Top Commenter

My worst cyber week ever started with a fake email from my own boss

Last Wednesday I got an email that looked exactly like our CEO asking me to buy $50 in gift cards for a client reward. I almost did it too because it came from inside our company system. Turns out someone hacked his email and was sending those to everyone in our department. Three other people fell for it before IT caught on. What security tools do you use to catch these internal email spoofs before someone clicks?
3 comments

michael_coleman10
Did you check if your company has DMARC set up on their email domain? That stops spoofed emails from getting through most of the time. We use a combination of DMARC and a security awareness training platform that sends fake phishing emails to test people. It catches the obvious stuff. But honestly the real fix is making it easy to report suspicious emails with one button. That way IT can warn everyone fast. Lesson learned: always call to verify anything money-related, even if it looks legit.
0
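An added example (not from any commenter) of what "has DMARC set up" means in practice: a small Python checker that parses the TXT record a domain publishes at `_dmarc.<domain>` and flags settings under which spoofed mail is still delivered. The two records are constructed samples and `example.com` stands in for your own domain.

```python
"""Parse and assess a DMARC TXT record (the _dmarc.<domain> TXT record)."""

# Constructed sample records, as a TXT lookup of _dmarc.example.com might
# return them. Neither belongs to a real domain.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_RECORD = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt):
    """Return findings explaining why spoofed mail could still reach inboxes.

    An empty list means receivers are told to reject mail that fails
    authentication for the domain and its subdomains.
    """
    if not txt:
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(txt)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("record does not start with v=DMARC1 and will be ignored")
    policy = tags.get("p", "none")  # p= is required; treat a missing one as none
    if policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam rather than rejecting it")
    # sp= defaults to the value of p=, so a weak p= also leaves subdomains exposed
    if tags.get("sp", policy) == "none":
        findings.append("subdomain policy sp=none: mail from sub.example.com is unprotected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy is applied to only {pct}% of failing messages")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports arrive to reveal spoofing attempts")
    return findings
```

To check a real domain, feed the record returned by a TXT query for `_dmarc.yourdomain` into `assess_dmarc`. DMARC authenticates the sending domain, so mail from a genuinely compromised mailbox, as in the original post, passes it; that case is what the call-to-verify habit covers.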
drewgonzalez
Huh, you know what, I used to think DMARC was overkill for smaller setups, but after seeing a spoofed email slip through that cost a client a few grand, I totally changed my mind. I was always focused on training people instead of the technical stuff, but you're right that the technical layer blocks so much before it even reaches users. We set up DMARC last month and the number of fake invoice emails that just disappear now is wild. And yeah, making people call to verify is the real gold standard, even if it feels annoying at first.
4
stellanelson
Oh absolutely, we switched to DMARC after a close call and now those fake invoices just vanish into thin air.
1