CxO Fraud Detection as part of our Email Security Services protects corporate inboxes against spoofing and business email compromise. We have now expanded the service, which also changes the filter logic.
And this is what it’s all about: Our CxO Fraud Detection service first and foremost sets its sights on countering cyber attackers who impersonate colleagues or supervisors. That’s why we focus on filtering out emails for which a recipient’s response would be sent to an external address. At the same time, we haven’t been blocking any emails which have reply-to addresses pointing to your own email domain.
However, there are also emails to which a cybercriminal doesn’t expect an answer and consequently leaves the reply-to field empty. The attacker still pretends to be the victim’s coworker or boss, but may state that he will call later or send account details for an immediate bank transfer. For this reason, we have now made it possible to deactivate the checking of the reply-to field in the CxO Fraud Detection service if required.
Several of our customers receive newsletters which are both legitimate and desired from external service providers using the customer’s own domain as the sender address. We are currently not filtering out such messages. With the new filter logic, you first have to add the respective sender addresses to the whitelist for CxO Fraud Detection (or to the whitelist for AntiSpam, should you be using both services). Otherwise, the messages will end up in quarantine. So we kindly request that you check if you have such use cases prior to activating the new filter logic. You can initiate the latter by sending an informal message to Retarus Support. If you have any questions regarding this service extension, you are of course welcome to contact us by e-mail or telephone. Please see your Support Guide for local contact addresses.
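To find affected senders before activation, the following added example (not Retarus code) models the two filter modes in simplified form and lists own-domain senders that are delivered today but would be quarantined once the reply-to check is deactivated. The domain, the whitelist entry, the function names and the sample messages are constructed assumptions, and every sample is assumed to arrive from outside the organisation.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

OWN_DOMAIN = "example.com"        # assumption: the customer's own mail domain
WHITELIST = {"news@example.com"}  # assumption: sender already on the whitelist

def domain(addr):
    return addr.rpartition("@")[2].lower()

def classify(raw, check_reply_to=True):
    """Simplified model of the described logic for mail arriving from outside."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Only mail claiming an own-domain sender is in scope; whitelisted senders pass.
    if domain(sender) != OWN_DOMAIN or sender in WHITELIST:
        return sender, "deliver"
    if not check_reply_to:
        # New mode: an own-domain From on external mail is enough to quarantine.
        return sender, "quarantine"
    # Previous mode: quarantine only if a reply would leave the own domain.
    replies = [a for _, a in getaddresses(msg.get_all("Reply-To", [])) if a]
    external = any(domain(a) != OWN_DOMAIN for a in replies)
    return sender, "quarantine" if external else "deliver"

def senders_to_review(messages):
    """Senders delivered today that the new mode would quarantine."""
    hits = set()
    for raw in messages:
        sender, before = classify(raw, check_reply_to=True)
        _, after = classify(raw, check_reply_to=False)
        if before == "deliver" and after == "quarantine":
            hits.add(sender)
    return sorted(hits)

# Constructed sample messages (headers only, then a short body).
SAMPLES = [
    "From: CEO <ceo@example.com>\nReply-To: ceo@example.net\nSubject: Urgent\n\nReply now.",
    "From: CEO <ceo@example.com>\nSubject: Transfer\n\nI will call you later.",
    "From: HR News <hr-newsletter@example.com>\nSubject: Monthly update\n\nHello.",
    "From: News <news@example.com>\nSubject: Product news\n\nHello.",
    "From: Partner <partner@example.org>\nSubject: Invoice\n\nAttached.",
]

if __name__ == "__main__":
    for address in senders_to_review(SAMPLES):
        print("review before activation:", address)
```

The resulting list mixes legitimate newsletter senders with spoofed ones that carry no reply-to, so each address needs a manual check before it goes on the whitelist.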
Irrespective of the changes described above, as an administrator you are now able to manage the CxO Fraud Detection service, including the attendant Whitelist and Targeted Members Blacklist, in the new EAS email portal. This also applies to other services, such as Sandboxing or Patient Zero Detection. You can access these new settings via Reports > Email Services > Live Search > Administration (the little detour via Live Search is soon to be dropped, as we migrate the existing functions into the new portal step by step). You can find detailed information about all setting options in the “Admin Docu Email Security”, which you can download from the Support > Documentation section of the EAS portal.