David Jones wrote on 29/06/16 2:13 AM:
>> From: RW <rwmailli...@googlemail.com>
>> That won't work in this example because nothing has actually been
>> spoofed.
>
> Exactly. If I search the Internet for the CEO/CIO/CTO/etc of a company
> and send an email from my domain but make the displayed name in
> the visible From: be that CEO/CIO/CTO/etc's full name
Oh, that's right. I misunderstood the situation described in the initial post in this thread. SpamAssassin is not the right tool for a spear phishing attack that is a perfectly innocent email: it claims nothing wrong from a technical perspective, might have no spam signals, and relies on the recipient being technically naive and not looking behind the displayed From name.

As Dianne Skoll pointed out, the proper defense against this type of attack is to have proper financial processes in place. That can include technical measures that would require the CEO to have entered the request in a secure web form instead of by email. But even that is subject to social engineering, as ultimately somebody with authority can receive a spear phishing email apparently from someone who can ask them to use that authority.

The right thing to do is to actually put in place the measures that people have spent time working out over the years as "proper financial processes" to help prevent not only social engineering hacks but internal fraud and simple mistakes. Bottom line is that the CEO should not be able to initiate a bank transfer with even a legitimate phone call to accounting and a promise to send the details "later".

Sidney
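Added example, not code from this thread, from SpamAssassin, or from any poster: a small defender-side check for the display-name impersonation David describes. It parses a From: header and flags the case where the display name matches a known executive, or embeds an internal-looking email address, while the actual sender address is outside the organisation's own domains. The executive list, the internal domains and the sample headers are all constructed assumptions for illustration; a real deployment would feed in the organisation's own directory data.

```python
"""Flag From: headers whose display name impersonates a known executive
while the real sender address is outside the organisation.

Added example for this thread; not SpamAssassin code and not from any
poster. Organisation data and sample headers are constructed.
"""
from email.utils import parseaddr
import re
import unicodedata

# Assumed organisation data (constructed for the example).
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}
EXECUTIVES = {"Jane Doe": "CEO", "John Roe": "CFO"}

# Constructed sample header values (what follows "From:").
SAMPLE_HEADERS = [
    '"Jane Doe" <jane.doe@example.com>',                      # legitimate internal
    '"Jane Doe" <jd.urgent@mail.example.net>',                # name matches CEO, external domain
    '"jane.doe@example.com" <random123@freemail.example>',    # internal address in display name
    '"Bob Smith" <bob@vendor.example>',                       # unrelated external sender
]


def _normalize(text: str) -> str:
    """Lower-case, strip accents and punctuation so name variants compare equal."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^a-z0-9@.\- ]+", " ", text.lower())
    return " ".join(text.split())


def check_from(from_value: str):
    """Return None when the header raises no flag, else a short reason string.

    `from_value` is the From: header value; a leading "From:" is tolerated.
    """
    from_value = re.sub(r"^\s*From:\s*", "", from_value, flags=re.IGNORECASE)
    display, addr = parseaddr(from_value)
    if not addr or "@" not in addr:
        return "unparseable From: header"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in INTERNAL_DOMAINS:
        # A genuine internal sender: display-name checks do not apply.
        return None
    disp = _normalize(display)
    # Case 1: display name carries an address that looks internal.
    for embedded_domain in re.findall(r"[a-z0-9._-]+@([a-z0-9.-]+)", disp):
        if embedded_domain in INTERNAL_DOMAINS:
            return f"display name embeds internal address but sender is {domain}"
    # Case 2: display name is the full name of a known executive.
    for exec_name, role in EXECUTIVES.items():
        if _normalize(exec_name) == disp:
            return f"display name matches {role} ({exec_name}) but sender is {domain}"
    return None


def scan(headers):
    """Return [(header, reason)] for every header that raised a flag."""
    results = []
    for h in headers:
        reason = check_from(h)
        if reason:
            results.append((h, reason))
    return results


if __name__ == "__main__":
    for header, reason in scan(SAMPLE_HEADERS):
        print(f"FLAG: {header}\n      {reason}")
```

This only produces a signal: it catches the exact trick in David's example (executive's name on an external address) and the related one of stuffing an internal address into the display name, but a sender who uses a plausible-looking unknown name, or a lookalike domain not covered by the list, will pass. That is consistent with Sidney's point: the check belongs alongside the payment-process controls, not in place of them.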