It's like Einstein... Managing your Inbox




InboxGenius is a product that runs on your Domino servers, looks for typical approaches to spoofing, and prepends [Possible Fraud] to the subject of the message, alerting the recipient to tread cautiously. We look for messages that "pretend" to be internal but really come from external sources: messages that use the display name of a senior executive, or that have a ReplyTo pointing to an outside domain.



What is Email Fraud?

Email fraud consists of messages targeted at individuals with the power to disburse money. These messages forge the name of a senior executive, generally the CEO, hoping to bypass internal financial controls. The amounts vary according to the boldness of the attacker, but generally they target amounts in the $50,000 to $150,000 range.


How is Fraud Different from Spam Mail?

Fraud messages are very different from spam emails: spam attempts to sell something, while fraud is an attempt to steal from your organization. The approaches to fighting them are very different.

Spam is sent in large numbers to a wide audience. Fraudulent emails are sent to only one or two people in highly targeted attacks. First the attackers locate the names of high-level executives. Then "spoofed" messages are sent, allegedly from these executives, to people empowered to disburse money. The attackers hope the recipient will act quickly to please the executive and send money before realizing it is a spoofed message.


How Does InboxGenius Prevent Email Fraud?

This is part of our genius! When we spot these messages, we highlight them so the user does not automatically click and reply.

Let's take an example of a Fraud Attack:

An email that appears to come from Bill Gates, a CEO of a large company, is sent to Ron Jones, who is a financial executive, asking for an "invoice" to be paid. For example, one attack could have this sender:
"Bill Gates" <bill.gates@micros0ft.com>

In most email systems, the display name is all you see, so someone replying might miss the fact that the message is going outside the organization.

Here is what Ron Jones will see in his Inbox with InboxGenius:





What happened? Let's look at the reply.

1. Unless you look carefully, you will not notice that this is an EXTERNAL message, not an internal one.

2. InboxGenius, by prepending [Possible Fraud] into the subject of the message, alerts the recipient that this message is a fraud.

3. A reading of the body of the message shows how easy it would be to think this is genuine.
    (This is taken from a real fraud message).
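
A header-level sketch of the two checks described on this page (an executive's display name on an external address, and an internal-looking sender with an outside Reply-To), as an added example that is not InboxGenius code. The internal domain `example.com`, the protected-name list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own mail domain
EXECUTIVE_NAMES = {"bill gates"}     # assumption: display names worth protecting
TAG = "[Possible Fraud]"

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def fraud_reasons(msg):
    """Return the reasons a parsed message looks like executive spoofing."""
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_external = _domain(addr) not in INTERNAL_DOMAINS
    # Check 1: a protected display name paired with an outside address.
    if from_external and " ".join(name.lower().split()) in EXECUTIVE_NAMES:
        reasons.append("executive display name on external sender")
    # Check 2: From looks internal, but replies would leave the organization.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and not from_external and _domain(reply_to) not in INTERNAL_DOMAINS:
        reasons.append("internal From with external Reply-To")
    return reasons

def tag_subject(raw):
    """Prepend TAG to the subject of a suspicious message; return (subject, reasons)."""
    msg = message_from_string(raw)
    reasons = fraud_reasons(msg)
    subject = msg.get("Subject", "")
    if reasons and not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}"
    return msg.get("Subject", ""), reasons

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Bill Gates" <bill.gates@micros0ft.com>\n'
           "To: ron.jones@example.com\nSubject: Invoice payment\n\nPlease pay today.\n")
REPLY_TO = ('From: "Ron Jones" <ron.jones@example.com>\n'
            "Reply-To: <payments@example.net>\nSubject: Wire details\n\nSee attached.\n")
CLEAN = ('From: "Bill Gates" <bill.gates@example.com>\n'
         "To: ron.jones@example.com\nSubject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for raw in (SPOOFED, REPLY_TO, CLEAN):
        print(tag_subject(raw))
```

These checks read only the message headers, so they complement, rather than replace, verification of where the message actually entered the mail system.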






Human Factors

Many people remind their staff that policies and procedures are never to be broken, even if the top executive requests an urgent payment.


So a combination of human factors and message "envelope" analysis can highlight these attacks, which we expect to intensify as they are significantly more lucrative than spam messages.









    ©Copyright 2000-2016 MayFlower Software Inc.