VIDEO: How To Protect Your Company From Email Scams

by | Mar 6, 2019 | The Internet


Not too long ago, one of our clients was hit with a sophisticated email scam attempt. Although they were able to contain the situation before anything bad happened, it’s still a great example to learn from.

Here’s how things went down (I’m going to keep it at a high level to protect the confidentiality of our client)…

  1. The bad guys sent out an email to all employees pretending to be the business owner.
  2. The email asked the employees for a favor.
  3. The email spoofed the display name only (not the email address). Regardless, at first glance, the email request seemed legit.
  4. The bad guys proceeded to interact in real time with employees who replied to the email.
  5. The request was for gift cards to be given to a client.
  6. Multiple employees did the right thing, and they called their boss to confirm the request.
  7. All employees were then notified of the scam.

Neither our client (nor our client’s employees) lost any money in the process, yet not all businesses are so fortunate.

Although we don’t manage our client’s email, we still offered up some advice on how to protect against something like this in the future.

Here’s one of the things we shared with our client that should reduce the likelihood of something similar happening in the future.


Understanding This Email Security Concept 

What I’m going to share with you is how to add something specific to the subject line of all emails you receive from outside of your company.

Now, I’m going to show you how this can be done in G Suite (because that’s what we use here at Pixelayn), but you should be able to do this in any email platform you use (e.g., Office 365).

The important thing I want you to keep in mind is the concept: if you can tell that an email is from an external person simply by looking at the subject line, then you are less likely to be caught off guard.

So, our goal is to add [EXTERNAL] to the front of all subject lines for emails we receive from outside of our organization.

For example: if you receive an email with a subject line of “Having trouble logging in to our CRM”

  • The subject if received from inside of the company: Having trouble logging in to our CRM
  • The subject if received from outside of the company: [EXTERNAL] Having trouble logging in to our CRM

Okay, let’s now go into the specifics around setting up this inbound email rule in G Suite.

#1: Navigate To G Suite Compliance Settings 

  1. Go to your G Suite admin console
  2. Click Apps
  3. Click G Suite
  4. Click Gmail
  5. Click Advanced Settings
  6. Scroll down to the Compliance section

#2: Open The Content Compliance Window  

  1. Scroll down to Content Compliance
  2. Click on Configure

#3: Configure A Content Compliance Setting (Aka a Rule) 

In the add setting window

  1. Add a name for this setting
  2. Select Inbound
  3. Click Add within the Expressions area
  4. Select Advanced content match
  5. Select Subject from Location
  6. Select Not contains text from Match type
  7. Type [EXTERNAL] into the Content text box
  8. Click SAVE
  9. Select Modify message
  10. Check the checkbox next to Prepend custom subject and type “[EXTERNAL] ” without the quotes. Be sure to include a space after [EXTERNAL].
  11. Click ADD SETTING within the add setting window

In the general settings window

  1. Click SAVE in the bottom right-hand corner
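
The logic of the rule configured above, modelled in Python so you can see what it does to different messages. This is an added example, not code from G Suite or from the original post. The organization domain, the protected display name, and the sample messages are assumptions constructed for illustration, and the display-name check goes one step beyond the subject tag to show the kind of spoof described at the top of this post.

```python
from email import message_from_string
from email.utils import parseaddr

TAG = "[EXTERNAL]"
ORG_DOMAIN = "example.com"       # assumption: the organization's mail domain
PROTECTED_NAMES = {"pat owner"}  # assumption: display names likely to be impersonated

# Constructed sample messages (not taken from the incident described above).
SPOOFED = 'From: "Pat Owner" <pat.owner@mail.example>\nSubject: Quick favor\n\nAre you free?'
INTERNAL = "From: Pat Owner <pat@example.com>\nSubject: Having trouble logging in to our CRM\n\nHi"
REPLY = "From: Vendor <ap@vendor.example>\nSubject: Re: [EXTERNAL] Invoice\n\nThanks"


def is_external(msg):
    """Treat a missing or foreign From address as external (fail closed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return not addr.lower().endswith("@" + ORG_DOMAIN)


def tag_subject(msg):
    """Prepend the tag to external mail unless the subject already contains it."""
    subject = msg.get("Subject", "")
    if is_external(msg) and TAG not in subject:
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}"
    return msg["Subject"]


def display_name_spoof(msg):
    """Flag external mail whose display name matches a protected internal name."""
    name, _ = parseaddr(msg.get("From", ""))
    return is_external(msg) and name.strip().lower() in PROTECTED_NAMES


if __name__ == "__main__":
    for raw in (SPOOFED, INTERNAL, REPLY):
        msg = message_from_string(raw)
        print(tag_subject(msg), "| spoof suspected:", display_name_spoof(msg))
```

The "Not contains text" condition is what keeps reply threads from accumulating repeated tags: a subject that already carries [EXTERNAL] is left alone.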

Wrapping Up 

There is one thing I’ve noticed when putting this setting in place in G Suite. When I was testing the setting, and I sent in an email with the same subject line as a prior email (before the setting was in place), it didn’t work as expected.

The [EXTERNAL] wasn’t added to the subject line.

However, when I deleted the original message (that was sent prior to the rule being in place), the [EXTERNAL] was then added just fine on newly received messages.

Something to think about if you run into any snags or inconsistent results.

Regardless of what email system your business uses, I’d encourage you to implement something similar to this. If you really hate how [EXTERNAL] looks, then choose something else.

And, although I haven’t tested it out, I would think you could add an outbound rule to remove the [EXTERNAL] so your clients don’t even know you do this. That’ll be another test for another time.

If you have any questions or comments, connect with us on Twitter (@TeamPixelayn). Or, you can connect with me directly on Twitter (@rdglick) or shoot me an email at (ryan at pixelayn dot com). 

Ryan has been heavily involved in the world of Information Technology and entrepreneurship since the early 2000s. From small business consulting to Fortune 500 IT leadership, Ryan has a wide array of industry knowledge. He earned his BBA from the University of Iowa in 2004 majoring in Management Information Systems and later earned his MBA from the University of Iowa in 2009 with a focus on Management and Marketing. When he's not spending time with his wife and three young children, you'll find Ryan pounding away at his keyboard, spinning on his Peloton, or listening to a good audiobook or podcast.

Connect with Ryan on Twitter or Instagram.

Ryan Glick

Co-Founder, Pixelayn Innovations
