mirror of
https://github.com/cypht-org/cypht.git
synced 2026-04-25 21:15:56 +03:00
[GH-ISSUE #1115] Improve detection and protection against business email compromise (BEC) like CEO Fraud, etc. #574
Originally created by @marclaporte on GitHub (Jul 9, 2024).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/1115
Originally assigned to: @Danelif, @christer77 on GitHub.
"The second form is name and email spoofing, where the attacker uses both the CEO’s name and their correct sender address. In this form of the attack, the attacker typically uses a reply-to address that is different than the sender address, so that your response to the email will go to them."
Source: https://www.barracuda.com/support/glossary/ceo-fraud
We expose an alternate "reply to" here https://github.com/cypht-org/cypht/pull/781 but we can do better. Related: https://github.com/cypht-org/cypht/issues/1113
See also: https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/business-email-compromise
@Danelif commented on GitHub (Jul 12, 2024):
I found this https://www.egress.com/blog/phishing/how-can-i-stop-ceo-fraud interesting
@marclaporte commented on GitHub (Sep 28, 2024):
@Danelif What is your next step here?
@Danelif commented on GitHub (Sep 30, 2024):
@marclaporte After meeting with @christer77, we discussed that cypht might check the email box to compare a suspicious incoming email with previous emails and, if a correspondence of 90% is found, let's turn this to spam. For example, if I receive an email from d****@evaludata.com and in my email record I have d***@evoludata.com, this means the incoming email is fake and we spam it directly.
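The two checks discussed in this thread (a Reply-To that differs from the sender, from the issue description, and a sender address at least 90% similar to one already in the mailbox, from the comment above), as an added PHP example that is not Cypht code and not part of any comment. `addr_of`, `bec_flags` and the sample addresses are hypothetical, and using PHP's built-in `similar_text()` as the similarity measure is an assumption.

```php
<?php
// Added example, not Cypht code; function names and sample data are hypothetical.

// Pull the lowercased address out of a header value such as 'Name <a@b.c>'.
function addr_of(string $header): string {
    if (preg_match('/<([^>]+)>/', $header, $m)) {
        $header = $m[1];
    }
    return strtolower(trim($header));
}

// $known: addresses already present in the user's mail history or contacts.
// $threshold: similarity percentage (the 90% mentioned in the discussion).
function bec_flags(string $from, ?string $reply_to, array $known, float $threshold = 90.0): array {
    $flags = [];
    $sender = addr_of($from);

    // Check 1: replies would go somewhere other than the visible sender.
    // Mailing lists do this legitimately, so it is a flag, not a verdict.
    if ($reply_to !== null && trim($reply_to) !== '' && addr_of($reply_to) !== $sender) {
        $flags[] = 'reply-to differs from sender: ' . addr_of($reply_to);
    }

    // Check 2: sender is not a known address but is nearly identical to one.
    $known = array_map('addr_of', $known);
    if (!in_array($sender, $known, true)) {
        foreach ($known as $contact) {
            similar_text($sender, $contact, $percent);
            if ($percent >= $threshold) {
                $flags[] = sprintf('sender resembles %s (%.1f%% similar)', $contact, $percent);
            }
        }
    }
    return $flags;
}

// Constructed sample data (example.com / examp1e.com are illustrative only).
$known = ['ceo@example.com', 'alice@example.org'];
$messages = [
    ['CEO <ceo@examp1e.com>', null],                    // lookalike domain
    ['CEO <ceo@example.com>', 'ceo.office@mail.test'],  // known From, foreign Reply-To
    ['Alice <alice@example.org>', null],                // known sender, no flags
];
foreach ($messages as [$from, $reply_to]) {
    $flags = bec_flags($from, $reply_to, $known);
    echo $from, ' => ', $flags ? implode('; ', $flags) : 'no flags', PHP_EOL;
}
```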
@marclaporte commented on GitHub (Sep 30, 2024):
Ok, please explore this.
We already have a feature to screen emails: https://github.com/cypht-org/cypht/issues/1113 so this addresses part of the issue.
Please keep in mind that mail servers often have other methods to filter spam (typically with content).
Maybe it could be interesting to tag the emails as suspicious? https://github.com/cypht-org/cypht/pull/1058
@christer77 commented on GitHub (Apr 30, 2025):
Hello @marclaporte
What's next, please?
@marclaporte commented on GitHub (May 1, 2025):
Thank you @christer77 for https://github.com/cypht-org/cypht/pull/1269