Article
How to Resolve the Fraud Defense Issue
This guide will help users understand how to resolve Fraud Defense issues detected in emails and implement best practices to reduce the risk of financial fraud.
Review
Review the flagged email. It will contain the following details:
- To: Recipient(s) of the email.
- From: Sender’s email address.
- Date: When the email was received.
- Subject: The email’s subject line.
- Reasons for Flagging: Why the email was flagged (e.g., suspicious domain, lookalike domain).
Note: The “cc” field is not currently displayed but will be added in a future update.
Investigate
Analyze the suspicious emails and understand their impact.
- Assess Severity: Higher severity levels indicate increased urgency and potential risk.
- Analyze the Suspicious Email: Examine the email’s content, sender, and metadata to understand its potential impact.
- Verify Sender Legitimacy: Confirm with the finance or IT security team whether the sender is legitimate or from a trusted source.
- Ensure Sender Reliability: Contact the sender directly through a trusted communication method outside of the email thread.
- Identify High-Risk Requests: Determine if the email requests financial transactions, user credentials, or sensitive data—financial emails pose a higher business risk.
- Evaluate Internal Exposure: Assess how widely the email was distributed within the organization.
- Check Employee Interaction: Verify whether any employees engaged with the email, such as clicking links or opening attachments.
Mitigate
- If fraudulent, take action:
- Notify All Recipients: Inform them not to open attachments, click on links, or engage with the sender.
- Remove the Email: Ensure it is deleted from all inboxes.
- Report the Phishing Attempt: Use Outlook’s “Report Phishing” feature.
- Block the Sender & Domain: Prevent further emails from the malicious source.
- Forward to the Security Team: Share the email for further investigation.
- Strengthen Security: Enable Multi-Factor Authentication (MFA) and reset affected passwords.
- Resolve the Issue in Stance: Mark it as “Resolved” after implementing corrective actions.
- If the email is legitimate, mark the issue as “Not an Issue” in Stance and document the reasoning for future reference.
Monitor
- Track Impacted Mailboxes: Continuously monitor for any unusual activity or suspicious behavior.
- Enhance Employee Awareness: Provide phishing awareness training and reinforce email security best practices.
Conclusion
Users can effectively mitigate financial fraud risks and maintain a secure email environment by following these steps. If you have additional questions, contact our support team at security@at-bay.com or via intercom chat. We’re here to help keep your organization secure!