Fight Phishing by Marking External Senders in Office 365

Phishing is becoming a significant threat to many businesses today. A very common type of attack is often achieved through impersonation of the target company’s leadership. This is accomplished several ways, typically by spoofing the sender name of the email.

For more information on that, check out our blog How to Recognize Phishing Attempts.

Therefore, phishing attempts are commonly carried out by imitating a coworker. You can combat this by setting your email or spam filtering service to mark external emails. In doing this, you are providing an additional clue to your staff that the email they’re reading is not from who it says it’s from.

We’ve taken it a step further with a client. We loaded in specific rules regarding the names of staff into the Exchange Online admin center to mark specific email addresses that were designed to appear like employee emails.

This is to say that nothing will take the place of plain old end user education. Keep all your staff up to date on how to recognize these types of attacks.

Here’s how we did it …

How to Tag External Email with Staff Names as Possible Phishing Attempts

Marking External Senders in Office 365

Go to your Exchange admin center console and go to “mail flow”.

Marking External Senders in Office 365

There you will find “rules”. Create a new rule.

Marking External Senders in Office 365

We named ours “External User Caution” but you can call it whatever you want. From there you determine your if/then criteria.

Marking External Senders in Office 365

Type in the usernames that might be spoofed. For myself I did: Kevin Oppihle, Kevin.Oppihle KevinOppihle.

Marking External Senders in Office 365

Marking External Senders in Office 365

Then you just set the priorities or timeframes and hit save!

This is a simple way for smaller organizations to do it. If you have a larger number of employees but want to apply these specific rules, we might able to help you with a PowerShell script to do it.

Send us an email or give us a call if you want some help with this or have any questions about Exchange Online’s security features: 502-240-0404.