Email Warnings No Longer Guarantee Messages Are From Within

Published: October 11, 2024 on our newsletter Security Fraud News & Alerts Newsletter.

You may have seen this warning, or something like it, at the end of email messages: “CAUTION: This email originated from outside of the organization.” Such an alert intends to let you know that the message you are receiving is not coming from a colleague with an email address from within your organization. It’s supposed to serve as a warning that something in the message just may be trying to phish you. Now, those rascally rabbit cybercriminals have figured out a way to get rid of it.

According to the folks over at BW Cyber, a researcher found that there is a way that those warning texts can be “turned off” within the email message. The attacker merely has to add some text in the header. While you cannot see it in the message itself, the good news is that you can see it in the preview pane. But, remember the old days when attackers could actually succeed with you merely looking at the message in the preview pane? Yes, that still happens too.

So, what can you do about it? Well, that’s a tough one. You still need to be diligent and take a gander at email messages from unknown senders or from anyone you may not have heard from in a while. If there is a link or attachment inside and either of those two apply, don’t click it without verifying it first, independently from the email message. If it’s someone you know sending the you message or you are expecting it, there is less risk, but you should always take some time to be sure it’s legitimate before clicking it. Nothing is foolproof.

Other indicators of phishing:

• Poor grammar and spelling

• Blurry graphics

• Typos

• Generic greetings

• A sense of urgency or something bad will happen

  
  

Even though those warnings are indeed helpful, we can never be sure there is not something nefarious going on in email messages that include them. So always take time to evaluate whether or not they are safe before clicking.

The researcher noted that this is not dependent upon any email service provider or email client and there isn’t anything we can do, as users, to stop or prevent it. However, Microsoft has announced that it may have a solution in the near future for IT administrators. In the meantime, keep the peepers open for phishing.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com