Keyhole

How to quickly tell if an email isn’t from who it says it is

Sometimes you’ll get phished, sometimes you’ll get spear phished (if you’re currently wondering what I’m talking about then have a read of Sophos Threatsaurus).

We’d recommend getting some filtering on your email to help get rid of these before they reach your Inbox, something like Mimecast Offshore especially with their new Targeted Threat Protection feature.

Sometimes these phishing attempts look like they come from a real address, because Outlook shows you the “From” address. When you go to reply, though, you’ll notice it’s a different address: this is the “Reply-To” address. If you’re not being vigilant, you might just fire off that email without checking.

To try and highlight these dodgy emails you can configure Outlook to conditionally format the emails when they’re “From” your email domain and they have a “Reply-To” set:

Click View – View Settings – Conditional Formatting – Add….

Set a Name for the rule

Click Font and choose how you want it to appear


Then click Condition and set the from address to be your domain name


Then click the Advanced tab and choose Field – Address Fields – Have Replies Sent To and choose the “is not empty” condition and add it to the list

 


Click OK all the way out. Now, when you receive an email from someone pretending to be the big cheese by hiding in the “Reply-To”, it will highlight the message so you know not to transfer that wedge of cash.
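The same check can be run over raw message headers, for example on exported .eml files. This is an added example, not part of the original post: `example.com` stands in for your own domain, the function names and sample messages are made up for illustration, and the `external` field goes one step beyond the Outlook rule by reporting whether the Reply-To points outside your domain.

```python
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAIN = "example.com"  # assumption: placeholder for your own email domain

# Constructed sample messages (not real mail).
SPOOFED = ("From: Big Cheese <ceo@example.com>\n"
           "Reply-To: ceo@example-payments.test\n"
           "Subject: Urgent transfer\n\nPlease send today.\n")
INTERNAL = ("From: Colleague <colleague@example.com>\n"
            "Subject: Lunch\n\nNoon?\n")
NEWSLETTER = ("From: News <news@vendor.test>\n"
              "Reply-To: support@vendor.test\n"
              "Subject: Update\n\nHello.\n")


def _domains(msg, header):
    """Return the lower-cased domain of every address in the given header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return [addr.rpartition("@")[2].lower()
            for _, addr in getaddresses(values) if "@" in addr]


def check_reply_to(raw_message, org_domain=ORG_DOMAIN):
    """Apply the rule from the post: From is in our domain AND Reply-To is set.

    flagged  - the conditional-formatting rule would highlight this message
    external - a Reply-To address sits outside org_domain (extra detail)
    """
    msg = message_from_string(raw_message)
    org = org_domain.lower()
    from_is_ours = org in _domains(msg, "From")
    reply_domains = _domains(msg, "Reply-To")
    flagged = from_is_ours and bool(reply_domains)
    external = flagged and any(d != org for d in reply_domains)
    return {"flagged": flagged, "external": external}


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("internal", INTERNAL), ("newsletter", NEWSLETTER)]:
        print(name, check_reply_to(raw))
```

A message from your own domain with a Reply-To that stays inside the domain (a shared mailbox, say) is still flagged, just as the Outlook rule would highlight it; the `external` field separates that case from the one worth worrying about.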