Confirm external recipients in Outlook before emails are sent

Press Releases   •   Oct 17, 2018 11:07 CEST

4 Business Email Compromise (BEC) Scams Nobody Saw Coming

What would you do if your CEO sent an email requesting a wire transfer to move forward with a time-critical project? Or if a major supplier was threatening to terminate a contract unless you pay an overdue bill ASAP? You’d probably be tempted to do as asked… yet there is a good chance that this is a trap.

Over the past 3 years, business email compromise (BEC) attacks have cost more than $5 billion to companies and individuals according to statistics from the FBI. If you are not familiar with the term, BEC is a type of phishing attack in which one or more scammers impersonate a trustable source, like heads of department or CEOs, and ask the victim to proceed with fund transfers.

While many BEC scams have happened around the world, we want to talk about four of them in particular because they led to substantial — yet avoidable — financial losses. In fact, these incidents could surely have been prevented had victims used SafeSend’s spearfishing functionality for the detection of spoofed email addresses.

Kansas County, $566,000

What could go wrong with a contractor asking to update billing details? Your accounting department probably deals with requests like that all the time, especially if you work with many suppliers. Alarmingly, however, your staff probably see this as a routine task, meaning no suspicions or objections are raised when it should be the case.

Indeed, it is precisely what cybercrime fraudster George James counted on when he managed to deceive the Kansas County’s Automated Clearing House into swapping a local construction company’s billing records for his. The scam was very simple to execute. James only had to use a fake email address pretending to be the firm’s CEO and asked the county to proceed with an electronic payment of $566,000.

SafeSend would have helped to see the hoax coming, flagging the impostor in any outgoing email sent. By confirming external recipients in Outlook before emails are sent, this could have been solved!

Aussi Multi-Millionaire, $1 million

Like it or not, being wealthy or holding a senior position in a large enterprise makes you the potential target of cybercrime. Australian millionaire John Kahlbetzer learned that the hard way after his assistant, Christine Campbell, got duped by a forged email address which prompted her to transfer $1 million to a bank account in the UK.

How did that happen? Why didn’t Christine see that it wasn’t her boss’ email address? Well, it almost was, except for that character missing — which most people would have overlooked as well.

Here again, SafeSend’s spearfishing functionality could have put an end to the scam, as replying to a spoofed email address can automatically trigger a pop-up warning window.

MacEwan University in Edmonton, $11.8 Million

A staff member from MacEwan University thought he was only doing his job modifying the electronic banking information of a vendor. The request seemed very legit and led to three fraudulent payments totaling $11.8 million over a 9-day period. Remarkably, two other staff members were cc’d at some point in the email thread, but nobody noticed something was off.

The university decided to review its business processes to avoid further incidents, including the implementation of stronger policies and controls. As part of this, they could hugely benefit from a solution like SafeSend to prevent similar phishing attacks in the future.

FACC AG., €52.8 Million

BEC scams can put large enterprises in an extremely delicate financial position as illustrated by FACC’s share price going down 38% following a massive whaling attack targeting its CEO, Walter Stephan. Fraudsters impersonated him using a forged email address and tricked a subordinate into wiring €52.8 million to a fraudulent bank account.

Both CEO and CFO were fired after the incident, and FACC had to report an operating loss of €23.4 million that fiscal year. A €18.6 million profit could have been declared instead had the victim detected that Stephan’s email address was spoofed using a solution like SafeSend that can confirm external recipients before emails are sent .

What would you do if your CEO sent an email requesting a wire transfer to move forward with a time-critical project? Or if a major supplier was threatening to terminate a contract unless you pay an overdue bill ASAP? You’d probably be tempted to do as asked… yet there is a good chance that this is a trap.

Read more »

Warning before sending outgoing emails in Outlook

Press Releases   •   Dec 15, 2017 13:58 CET

Did you just have the feeling of regret exactly the moment of pressing the Send button in Outlook? The truth is that most people have had that feeling of sending an incomplete or misaddressed email. Let’s hope you can fix that mistake with a follow-up note apologizing and asking the unintended recipient to delete the message as well as any attachment ASAP.

Warning in Outlook when sending to external domains

Press Releases   •   Apr 28, 2017 13:04 CEST

SafeSend is adding new functionality to warn users when emailing attachments to personal email addresses. This follows the main object of SafeSend, namely to display a warning in Outlook when sending to external domains. The new functionality was added due to the many recent reported breaches within this breach category. Start using SafeSend today and never send an email to the wrong recipient!

Prompt before sending email to outside recipients

Press Releases   •   Jan 29, 2017 00:42 CET

SafeSend will prompt before sending emails to outside recipients. This is really great because the majority of email are internal anyway and then there is no lost time for the user. And when the SafeSend popup dialog is displayed, it takes very little time for the user to confirm it.

SafeSend can trigger encryption

Press Releases   •   Jun 19, 2016 23:18 CEST

We have exciting news to share. SafeSend can now ask your users if they like to encrypt their email based on different conditions. One such condition can be if files are attached to the email. Another such condition can be that the DLP Content Scanning has found sensitive content in the email. We have added this functionality because it is common that users forget to encrypt their emails even...

Logging/auditing in SafeSend

Press Releases   •   May 01, 2016 21:44 CEST

The latest version of ​SafeSend offers improved logging capabilities. It is now possible to log outgoing email activity to physical files and to the Windows Event Log. The physical file logging uses log rotation for incredibly fast performance while still limiting the size of the log files. With logging to Windows Event Log, administrators can use third party tools to extract log information...

Confirmation before sending external email

Press Releases   •   Mar 08, 2016 16:47 CET

Did you know that SafeSend can create a confirmation before sending external email in Outlook? SafeSend is a simple and effective way of improving data loss prevention via email. Never allow the wrong recipient selected by autocomplete cause data leakage. You can also see the different recipient domains in different colors to easily spot outliers added by mistake. Start using SafeSend to being ...

Popup before sending emails to external users

Press Releases   •   Jan 27, 2016 22:13 CET

A ​popup before sending external emails can be very useful to improve enterprise security as there are numerous examples of data leakage caused by misdelivered emails. Just a few days ago, there was this story where the Northwest Territories Power Corporation sent a letter to its customers telling them about a data security breach involving their personal information earlier this month. The ..

Prompt before sending email to outside recipients

Press Releases   •   Dec 11, 2015 23:44 CET

SafeSend has redesigned its website for a clearer messaging. It is now much easier see the available features that SafeSend offers. SafeSend allows you to prompt before sending email to outside recipients.

SafeSend is specifically engineered to prevent accidental data leakage via email. Let your users confirm external recipients and review attached files before they send external emails. You can even color code different recipient domains so that outliers stand out.

​SafeSend has redesigned its website for a clearer messaging. It is now much easier see the available features that SafeSend offers. SafeSend allows you to ​prompt before sending email to outside recipients.

Read more »

Warning before sending emails in Outlook

Press Releases   •   Nov 27, 2015 17:50 CET

Have you ever wondered ​if it is possible to get a ​warning before sending emails in Outlook? It is now possible with SafeSend! SafeSend warns the users that the recipients are external and shows a popup dialog where the users have to confirm each external recipient.

About SafeSend Email Security for Outlook

Prevent commercially sensitive emails being sent to the wrong people

SafeSend AS is an privately held software company located in Olso, Norway. We developed SafeSend as a solution to a problem: “To prevent the accidental emailing of confidential emails outside the company domain by mistake”. Today SafeSend is a trusted product in use by many organizations around the world, protecting organizations from accidentally transmitting sensitive information to the wrong parties. The majority of our sales are outside of Norway and many of our customers are located in the U.S.

Subscribe via RSS