CxO Fraud Detection
CxO fraud detection is used to detect phishing attacks. It compares the sender name of incoming emails with the names of company users. Fake emails sent to you on behalf of superiors or employees are intercepted in this way.
During the analysis different variants of the sender name are included in the comparison:
- Jane Doe
- Doe Jane
- JaneDoe
- DoeJane
All corporate users that you want to use for CxO Fraud Detection must first be registered for the respective Corporate users.
Getting to know CxO Fraud Detection
Getting to know CxO Fraud Detection
To familiarise yourself with how CxO Fraud Detection detection works, we recommend the following approach:
-
Add the email addresses of your IT staff to the appropriate AD group, not those of senior management. See Automating the user import.
-
Create a separate, temporary rule that filters to the IT staff's private email addresses as senders and the company email addresses as recipients .
-
Now simulate attacks by sending emails from IT employees' private email addresses to their corporate email addresses.
-
Observe how the CxO Fraud Detection would behave if it were fully activated. The information on the Activities tab of an email in Message Tracking is helpful here. See Viewing email details.
This allows your IT staff to understand how CxO Fraud Detection works.
Before the actual activation of CxO Fraud Detection in NoSpamProxy, the IT department should inform senior management that they are now more carefully protected. It is often the case that higher management levels also communicate between private and business identities. If CxO Fraud Detection is activated, it is likely that this type of communication will be prevented by NoSpamProxy.
Senior management should therefore be informed about how Level of Trust can help to allow this communication to continue, for example by sending an email from internal to external and replying to this email.