{"id":19862,"date":"2022-07-21T16:12:41","date_gmt":"2022-07-21T12:12:41","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/phishing-stamp-verified\/19862\/"},"modified":"2022-07-21T16:12:55","modified_gmt":"2022-07-21T12:12:55","slug":"phishing-stamp-verified","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/phishing-stamp-verified\/19862\/","title":{"rendered":"Smells phishy: e-mails marked safe"},"content":{"rendered":"<p>When sending phishing e-mails or malicious attachments, scammers deploy a host of tricks to persuade you to click a link or open a file. One such trick is to add all sorts of stamps indicating that the link or attached file is trustworthy.<\/p>\n<p>As silly as it may sound, this approach does work. Someone well-versed in information security might not fall for it, but many less IT-savvy employees can be taken in. So, we recommend that infosec managers give their colleagues an occasional rundown of even the most basic cybercriminal ploys.<\/p>\n<h2>What do \u201cverified\u201d stamps look like?<\/h2>\n<p>\nThere is, of course, no one single type\u00a0\u2014 each attacker has their own. We\u2019ve seen many different examples, but they tend to be variations on the following themes:\n<\/p>\n<ul>\n<li>The attached file has been scanned by an antivirus (sometimes a logo follows).<\/li>\n<li>The sender is on the trusted list.<\/li>\n<li>All links have been scanned by an anti-phishing engine.<\/li>\n<li>No threats have been found.<\/li>\n<\/ul>\n<p>\nHere\u2019s an example of a phishing e-mail from attackers posing as support staff to trick the recipient into clicking the link and entering their Office\u00a0365 credentials. For extra plausibility, it claims that the message\u2019s sender is verified.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/07\/21161248\/phishing-stamp-verified-letter.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/07\/21161248\/phishing-stamp-verified-letter.png\" alt=\"Letter with a stamp \" this sender has been verified from the safe senders list width=\"1110\" height=\"765\" class=\"aligncenter size-full wp-image-44908\"><\/a><\/p>\n<p>But in this case, the stamp \u201cThis sender has been verified from the [company name] safe senders list\u201d should be a red flag.<\/p>\n<h2>How to react to an e-mail marked safe<\/h2>\n<p>\nEven though phishing or malicious e-mails usually demand a quick response (in the above example, under the threat of losing access to your work e-mail), a quick response is precisely what you should never give. First, ask yourself the following questions:\n<\/p>\n<ul>\n<li>Have you seen this stamp before? If you\u2019ve been at the company for at least a week, this probably isn\u2019t the first e-mail you\u2019ve had.<\/li>\n<li>Have any of your coworkers ever seen such a stamp in their work e-mails? If in doubt, it\u2019s better to check with a more experienced colleague or IT employee.<\/li>\n<li>Is the stamp appropriate in the context? Sure, sometimes a \u201cFile scanned\u201d or \u201cLink scanned\u201d stamp can make sense. But if the sender supposedly works in the same company as you, how can their corporate e-mail address not be on the trusted list?<\/li>\n<\/ul>\n<p>In fact, modern mail filters work in the opposite way: they mark potentially dangerous e-mails, not ones given a clean bill of health. E-mails are marked to indicate that a dangerous link or attachment has been removed, or that they may be spam or phishing. And in the case of Outlook in Office 365, such stamps are usually placed not in the body of the message, but in special fields. More often, however, such e\u2011mails are simply deleted before they ever get to the addressee, or end up in the junk folder. Marking safe messages is inefficient.<\/p>\n<p>The practice was employed in free mail services in the past, but the real purpose was always to underline a competitive advantage: a built-in filter or antivirus engine.<\/p>\n<h2>How to stay safe and protect your company<\/h2>\n<p>\nOnce again, we recommend that you every now and again inform your colleagues of the cybercriminal tricks of the trade (for example, you can send them a link to this post). For added robustness, it\u2019s a good idea to raise their cyberthreat awareness with the help of <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">special services<\/a>.<\/p>\n<p>And to make it clear without any stamps in the e-mail body that an attachment has been scanned for all possible cyberthreats, we recommend implementing <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">protection at the mail gateway level<\/a> or using specialized . <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Workstation-level protection<\/a> with a reliable anti-phishing engine wouldn\u2019t hurt either.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Work e-mails stamped \u201cverified\u201d should set alarm bells ringing. <\/p>\n","protected":false},"author":2598,"featured_media":19865,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1815,76,695],"class_list":{"0":"post-19862","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-e-mail","10":"tag-phishing","11":"tag-scam"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/phishing-stamp-verified\/19862\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/phishing-stamp-verified\/24396\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/phishing-stamp-verified\/26789\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/phishing-stamp-verified\/24696\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/phishing-stamp-verified\/25091\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/phishing-stamp-verified\/27439\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/phishing-stamp-verified\/27107\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/phishing-stamp-verified\/33574\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/phishing-stamp-verified\/10878\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/phishing-stamp-verified\/44907\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/phishing-stamp-verified\/19211\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/phishing-stamp-verified\/19770\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/phishing-stamp-verified\/28380\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/phishing-stamp-verified\/25290\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/phishing-stamp-verified\/30761\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/phishing-stamp-verified\/30508\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19862"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19862\/revisions"}],"predecessor-version":[{"id":19864,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19862\/revisions\/19864"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19865"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}