Jump to content


Photo

Spoofed Usernames


  • Please log in to reply
5 replies to this topic

#1 Michael Lynch

Michael Lynch
  • Members
  • 20 posts

Posted 23 January 2019 - 01:05 PM

We've been having a "whaling" issue recently. We'll get a rash of emails with the username of our CEO but the email address is BS. Is there a setting in the Barracuda Spam Firewall so that we can lock down Usernames for our employees to their proper company email address, effectively rendering this whole type of spamming/phishing moot?

Thanks!



#2 Michael Lynch

Michael Lynch
  • Members
  • 20 posts

Posted 23 January 2019 - 01:19 PM

I was inaccurate in my post . I meant that we're getting a rash of emails with the display name of our CEO, but an incorrect address. Can we lock down display names to specific email addresses?



#3 Thomas Sapunarich

Thomas Sapunarich
  • Members
  • 1 posts

Posted 05 April 2019 - 01:21 PM

I've run into the same thing here.  Has someone been able to assist with this issue?



#4 Forrest Mook

Forrest Mook
  • Members
  • 58 posts

Posted 08 April 2019 - 03:20 PM

The following isn't a terrific solution, but might be helpful anyway since I don't know any way for the Barracuda to specifically do you what you're asking.

 

Assuming your CEO's name was Bill Smith, how about header filters like the following:

 

From: Bill Smith

From: "Bill Smith"

From: Smith, Bill

From: "Smith, Bill"

etc......

 

Obviously it depends on an exact match, so like I said probably not the greatest option.



#5 Forrest Mook

Forrest Mook
  • Members
  • 58 posts

Posted 08 April 2019 - 03:23 PM

And for what it's worth, there have been other requests on here for the same type of functionality that you're asking for.   So perhaps we can all rally up enough support to get Barracuda to implement something.

 

Myself personally, I'd like to have Barracuda implement a way to add a "warning" to the body of each email saying that the email is from an external source.



#6 Michael Lynch

Michael Lynch
  • Members
  • 20 posts

Posted 09 April 2019 - 09:32 AM

Thanks for all the replies.

 

Presently I append a warning through my Exchange server to emails from outside my company which have a company user display name. It points up some of the difficulties, as there are so many variations on someones name that end up in the Display Name field of these malicious emails. But I would think Barracuda engineers could come up with some rule that would allow you to say that if a display name that contains, regardless of order, the first and last name of an internal user, and the email address associated with that display name is NOT the user's internal email address,  tag it,  quarantine it or block it. Doesn't seem like rocket science to me.