Watch Your Domain Extensions (Who does that email REALLY come from?)

April 18, 2019
Cyber Alert

Download of PDF of the alert

Risk Management Question

How can you tell if an email—which appears to be from within a firm's own messaging system, advising the recipient that his or her information has expired or needs to be updated, and directing the recipient to click on a link to update their information—is genuine?

The Issue

Recently, several lawyers and secretaries of a law firm received an email purportedly from the firm's own "Messaging System" claiming that the recipient's email was out of date and instructing the recipient to click on a box to update his or her email.

The email was malicious. A few tell-tale signs that the message was bogus included the fact that the firm's email addresses do not go out of date. Only passwords can expire, and the firm's system was set up to alert attorneys and employees of the firm that their password was set to expire several weeks before expiration occurred. Further, the firm did not have a "Messaging System" and the email was designated as an "External email" by the firm's server.

But the real give-away was the domain extension of the sender of the email. The sender of the email in this case was located in Germany. You could tell this by looking at the sender's domain extension—in this case, .de is the domain extension used in Germany.

Risk Management Solutions

Remember, let's be careful out there.