Combating Fraudulent Emails is a Paramount Ability for Managed Security Service Providers

Rui Serra By Rui Serra • May 9, 2017

In a fast-paced corporate environment where every user has to respond to cyber threats in real-time, and where every user owns several accounts from several systems, receiving dozens of emails, any unnoticed fraudulent emails can lead to severe consequences.             

A variety of anti-fraud technologies and controls must be employed to prevent spoofing and phishing attacks. These include: spam filters, anti-virus, blacklists, SPF check, email fingerprinting, and email reputation. Furthermore, email service providers in charge of email security must maintain and enhance their systems to reduce the risk of spoofing and phishing.

The Header-Related Fraud

Constant monitoring of the Email ecosystem through AnubisNetworks MPS has revealed an interesting - and dangerous - increase in Fraud related to impersonating a certain sender account. Whether by Spoofing or by Phishing, AnubisNetworks researchers frequently observed “tricks” around the sender address.  For example, a send address of is used instead of containing a normal message in the body to deceive recipients. In 2016 alone, AnubisNetworks research observed an increase of nearly 100% in email fraud with the tampering of originating sender (FROM) and sender (TO) domains.

AnubisNetworks has recently released its newest MPS version, 6.1.3 to focus on a new functionality block called Anti-Fraud. By analysing sender-recipient relationships, domain reputation, email headers and envelope attributes, and email content, is possible to determine malicious activity related to:

Paramount email security

AnubisNetworks research observed an increase of nearly 100% in email fraud with the tampering of originating sender (FROM) and sender (TO) domains

Spoofed emails:

this is done by determining usage of someone else's email address, acting upon Spoofed domains (emails from own domain, but which fail SPF or DKIM) and identifying a mismatch between the envelope From header and the internal From header.

Phishing detection:

this is done by determining and acting upon Look-a-like domains, and by having the ability to find and compare look alike domains between domain part of env from and env to with env from and header from.

To see these new anti-fraud features in action, sign up for a free trial of AnubisNetworks MPS today.

Free Trial

Author: Rui Serra

With degrees in Computer Engineering and Marketing, Rui started his career managing training documentation for IT Training and consulting firms. He then joined Nokia Siemens Networks as a Documentation Specialist and Project Scrum Master before joining AnubisNetworks in 2009, where he has advanced from managing documentation to Product Manager for the growing Product Portfolio.

Find me on: