Cisco Email Security Appliance X1050 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Forged Email Detection
Email forging (also known as spoofing, CEO fraud, or business email compromise) is the process of
altering the message header to hide the real identity of the sender and to make it look like a legitimate
message from someone you know. For example, a fraudster impersonating an executive of an
organization sends a forged message to an employee, asking for a list of clients and their
personally identifiable information (PII). The employee, unaware of the real identity of the sender,
provides the list of clients and their PII. The fraudster then uses the PII to perform identity theft.
The Cisco Email Security appliance can detect fraudulent messages with a forged sender address (From:
header) and perform specified actions on such messages. For example, your appliance can detect
messages with a forged sender address and replace the From: header with the Envelope Sender. In this
case, the employee will see the email address of the real sender (the fraudster's) instead of the forged email
address.
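The detection and From: rewrite described above can be illustrated with a short sketch. This is an added example, not Cisco's implementation or AsyncOS filter syntax; the dictionary contents, the trusted domain, the rule that an external envelope sender marks the message as forged, and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Constructed content dictionary: display names only, no addresses or regexes.
DICTIONARY = {"olivia smith"}
# Assumption for this sketch: mail whose envelope sender is in this domain is genuine.
TRUSTED_DOMAIN = "example.com"


def normalize(name):
    """Lower-case and collapse whitespace so 'OLIVIA  Smith' still matches."""
    return " ".join(name.lower().split())


def apply_forged_check(raw_message, envelope_sender):
    """Return (forged, message); From: is rewritten when forged is True."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    # policy.default decodes RFC 2047 encoded-words in the display name,
    # so an encoded "Olivia Smith" cannot slip past the dictionary lookup.
    names = [normalize(a.display_name) for a in header.addresses] if header else []
    env_domain = envelope_sender.rpartition("@")[2].lower()
    forged = any(n in DICTIONARY for n in names) and env_domain != TRUSTED_DOMAIN
    if forged:
        # Action described in the text: show the envelope sender instead.
        msg.replace_header("From", envelope_sender)
    return forged, msg


# Constructed sample messages; only the header fields matter here.
BODY = "To: employee@example.com\nSubject: Client list\n\nPlease send it today.\n"
FORGED = "From: Olivia Smith <olivia.smith@example.com>\n" + BODY
ENCODED = "From: =?utf-8?q?Olivia_Smith?= <ceo@example.com>\n" + BODY

if __name__ == "__main__":
    for raw, env in [(FORGED, "billing@mail.invalid"),
                     (FORGED, "olivia.smith@example.com"),
                     (ENCODED, "billing@mail.invalid")]:
        forged, msg = apply_forged_check(raw, env)
        print(forged, msg["From"])
```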
Setting Up Forged Email Detection
1. Identify the users in your organization (for example, executives) whose messages are likely to be forged. Create a new content dictionary and add the names of the identified users to it. While creating a content dictionary:
   – Enter the name of the user and not the email address. For example, enter “Olivia Smith” instead of “olivia.smith@example.com.”
   – Do not configure Advanced Matching and Smart Identifiers.
   – Do not choose weight for the terms used.
   – Do not use regular expressions.
The following figure ( ) shows a sample content dictionary created for Forged Email Detection.