How do you explain emails like this

DustinB3403

I'm using @scottalanmiller as an example here. Assuming Scott was an employee where I work, and me knowing that this email is spam (although not shown in what the IT department received) I'm positive the email address is something like "[email protected]"

On 11/27/18, 10:12 AM, "Scott Alan Miller" wrote:

Good day ,

I need to update my pay check direct deposit information

Thanks.
Scott Alan Miller

Sent from my iPad

How do you explain to your users who to understand that this is such obvious spam if they can't take the time to read the details?

DustinB3403

I've tried the "Did you read who this was from approach" and showed the user how to view the email address. But alas they don't seem to grasp that there is more to an email than the body of said email.

scottalanmiller

This is an HR question. How do you explain to HR that they need to fire people who can't be bothered to verify details in emails?

zachary715

Don't pass sensitive information over e-mail without discussing with said person first, if at all. Where I work, physical forms have to be filled out and signed for this sort of thing. For any sort of sensitive information, verify with the individual personally before proceeding.

DustinB3403

@zachary715 said in How do you explain emails like this:

Don't pass sensitive information over e-mail without discussing with said person first, if at all. Where I work, physical forms have to be filled out and signed for this sort of thing. For any sort of sensitive information, verify with the individual personally before proceeding.

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

But we get a bunch of generic spam like this from one off addresses to all kinds of people throughout the org, some like this with private account changes, others with "come see me" type stuff.

scottalanmiller

@DustinB3403 said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

Don't pass sensitive information over e-mail without discussing with said person first, if at all. Where I work, physical forms have to be filled out and signed for this sort of thing. For any sort of sensitive information, verify with the individual personally before proceeding.

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

But we get a bunch of generic spam like this from one off addresses to all kinds of people throughout the org, some like this with private account changes, others with "come see me" type stuff.

Come see me isn't bad, just walk into the office and see if they really sent the email.

zachary715

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

DustinB3403

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

Get The F*** Up and Verify.

zachary715

@DustinB3403 said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

Get The F*** Up and Verify.

I'm not quite 30 yet, but I swear I'm like an old person which all these abbreviations/acronyms. I don't understand any of them and they drive me crazy.

scottalanmiller

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

Get The F*** Up and Verify.

I'm not quite 30 yet, but I swear I'm like an old person which all these abbreviations/acronyms. I don't understand any of them and they drive me crazy.

GOOMLYDWS

zachary715

@scottalanmiller said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

Get The F*** Up and Verify.

I'm not quite 30 yet, but I swear I'm like an old person which all these abbreviations/acronyms. I don't understand any of them and they drive me crazy.

GOOMLYDWS

Now you're just being a pain in the @$$

Obsolesce

@DustinB3403 said in How do you explain emails like this:

I'm using @scottalanmiller as an example here. Assuming Scott was an employee where I work, and me knowing that this email is spam (although not shown in what the IT department received) I'm positive the email address is something like "[email protected]"

On 11/27/18, 10:12 AM, "Scott Alan Miller" wrote:

Good day ,

I need to update my pay check direct deposit information

Thanks.
Scott Alan Miller

Sent from my iPad

How do you explain to your users who to understand that this is such obvious spam if they can't take the time to read the details?

Been there.

Train HR to verify with user first, or to submit a hard copy request.

scottalanmiller

@zachary715 said in How do you explain emails like this:

@scottalanmiller said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

@zachary715 said in How do you explain emails like this:

@DustinB3403 said in How do you explain emails like this:

While I would agree, for private transactions a simple G.T.F.U.a.V. should/maybe is already required.

You're going to have to break down that acronym for me...

Get The F*** Up and Verify.

I'm not quite 30 yet, but I swear I'm like an old person which all these abbreviations/acronyms. I don't understand any of them and they drive me crazy.

GOOMLYDWS

Now you're just being a pain in the @$$

Get Off Of My Lawn You Damn Whipper Snapper

DustinB3403

Paging @stus

wirestyle22

@DustinB3403 We use a product from CodeTwo that puts a banner on anything that comes from the outside. It works.

DustinB3403

@wirestyle22 Can you show us a sample. While I don't think we'll be able to use this I'd like to see what it looks like.

wirestyle22

@DustinB3403 It also puts [EXTERNAL] in front of the e-mail. Product is called Exchange Rules Pro

jt1001001

I'm actually looking at doing something similar using Transport Rules on O365.

manxam

Print out this poster from SANS in an entire wall format and post it on every wall?
https://www.sans.org/security-awareness-training/resources/posters/dont-get-hooked

EDIT: Embed!
alt text

Dashrender

@jt1001001 said in How do you explain emails like this:

I'm actually looking at doing something similar using Transport Rules on O365.

Yeah, I've been thinking about this as well.