by Kapua Iao
Are email warning tags effective?
Email warning tags are alerts attached to the top of an email. They typically include the word “External” or “Caution” and remind recipients to verify an email’s source before opening a message.
Warning tags are one of several methods to prevent malicious attacks. Let’s first explore why blocking methods are necessary before scrutinizing the use of email warning tags.
Cyberattacks: an unfortunate daily occurrence
Email is a valuable communication tool because of how easily people can connect to others worldwide. But such technological advancements boost not only interconnectedness but also the risk of cyberattack.
This trend became even worse last year with frequent Coronavirus-related attacks that preyed on stressed and worried people.
Phishing email attacks
Malware (or malicious software) describes any intrusive software that aims to help a cyberattacker gain access to a computer or a network.
A phishing email is one of the primary methods to disseminate malware. The idea is to trick victims into sharing private information (e.g., protected health information, or PHI) or access.
Spam attacks take less planning and go after anyone, while spear phishing takes forethought (i.e., social engineering) and focuses on specific victims.
Display name spoofing occurs when a hacker copies someone’s display name, making an email look as if it comes from a trusted (often internal) source. Many people fall victim to this type of spoofing because:
- Tired and unaware employees tend to overlook a wrong email address
- By default, smart device apps display a name rather than an email address
- Anyone can create an email address through free email service providers (e.g., Yahoo or Google), using any name
Presently, falling for these types of scams is too easy. This is why it is important to plan and coordinate a layered cybersecurity approach.
So are email warning tags effective?
Organizations use email warning tags to combat such phishing attacks.
It is necessary to understand, however, that seeing an email warning tag does not mean an email is malicious. Rather, it warns a user to verify a source and pay attention.
For example, you receive an email that appears to come from your manager with the subject “Needs verification.” As you are about to click on the included link, you notice the “External” warning tag.
It is at this point that you check the email address and notice it isn’t from someone in your organization.
Therefore, seeing such tags means asking:
- Is the email actually from someone you know?
- If not, were you expecting an email from outside your organization?
- Does the message make sense? Does it only ask you to click on a link?
- Can you easily search for the person who sent the email?
Unfortunately, specialists worry that such tags reinforce lazy habits rather than real user awareness.
Furthermore, some victims might not even notice the tag. Even worse, the email address itself may be spoofed (such as firstname.lastname@example.org instead of email@example.com).
Also, warning tags might be viewed as excessive and cause complaints from users since the warning is added to each and every email sent from outside.
Finally, an email warning tag does not stop a phishing email from reaching its intended victim, as described in this Reddit thread.
In other words, external warning tags are not as effective as believed.
Best email security practices
Continuous, up-to-date training encourages employees to recognize and block malicious emails.
And HIPAA-compliant email, such as Paubox Email Suite Premium, provides a necessary brick wall between users and phishing emails before such attacks become a problem.
Paubox Email Suite Premium not only provides users with TLS email encryption but also strong inbound security to stop harmful emails from reaching an inbox.
In fact, Paubox’s ExecProtect was built to combat display name spoofing by checking the display name and email address against a list of employees you provide.
Any display name that does not match the email tied to it is immediately quarantined. It’s simple, effective, and it works.
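The display-name check described above can be sketched as follows. This is an added example, not Paubox's ExecProtect code; the employee directory, the `clinic.example` domain and the names `EMPLOYEES`, `norm_name` and `classify` are assumptions made for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed directory: display name -> the only address allowed to use it.
EMPLOYEES = {
    "Dana Reyes": "dana.reyes@clinic.example",
    "Sam Okafor": "sam.okafor@clinic.example",
}
INTERNAL_DOMAIN = "clinic.example"  # assumed organization domain


def norm_name(name: str) -> str:
    """Fold Unicode compatibility forms, spacing and case so that
    'DANA  REYES' or full-width letters compare equal to 'Dana Reyes'."""
    name = unicodedata.normalize("NFKC", name)
    return " ".join(name.split()).casefold()


DIRECTORY = {norm_name(n): a.casefold() for n, a in EMPLOYEES.items()}


def classify(from_header: str) -> str:
    """Return 'quarantine', 'tag-external' or 'deliver' for a From header."""
    raw_name, addr = parseaddr(from_header)
    addr = addr.casefold()
    if "@" not in addr:
        return "quarantine"  # unparseable sender: fail closed
    try:
        # parseaddr leaves RFC 2047 encoded-words undecoded; decode them so
        # an encoded employee name cannot slip past the comparison.
        display = str(make_header(decode_header(raw_name)))
    except Exception:
        return "quarantine"  # malformed encoded-word: fail closed
    expected = DIRECTORY.get(norm_name(display))
    if expected is not None and addr != expected:
        return "quarantine"  # employee's name on someone else's address
    if addr.rsplit("@", 1)[1] != INTERNAL_DOMAIN:
        return "tag-external"  # unknown outside sender: warn, do not block
    return "deliver"


if __name__ == "__main__":
    # Constructed sample headers.
    for h in ("Dana Reyes <dana.reyes@clinic.example>",
              "Dana Reyes <dana.reyes@freemail.example>",
              "Pharmacy Supplier <orders@supplier.example>"):
        print(f"{classify(h):13} {h}")
```

Exact-match comparison like this misses near-miss names ("Dana Reyez") and cross-script homoglyphs, which NFKC does not fold, so it does not replace checking the address itself.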
In addition, our Paubox Email Suite Premium includes email data loss prevention (DLP) which blocks employees from transmitting sensitive data outside of your corporate network.
So rather than modifying an email and hoping that employees pay attention, combine necessary training with strong inbound email security and DLP for robust protection.