Fishing emails
Wednesday, March 16, 2022 at 11:13amHi there,
Did you encounter any fishing emails that mimics OneSpan emails? If yes, what kind? And what would your recommendation to identify a fishing email and then to mitigate risk to open fishing email?
Reply to: Fishing emails
Wednesday, March 16, 2022 at 12:07pmHi Stoic,
I haven't encountered such a scenario, but in a general perspective, I believe these points could help you mitigate the risk:
-For e-signature related emails, have your signer/sender only open links when the sender domain is "@onespan.com", "@esignlive.com" or "@e-signlive.com" depending on the account environment.
-You can customize the email templates (including wording, color theme, HTML layout), so that it became a red flag if your signer/sender received a fishing email that mimics the default email.
-Instead of using the default email delivery service, you can either set up your own SMTP server, or configure DKIM to send out email notifications.
For more customization options in terms of email templates in OSS, you can refer to my blogs below:
https://www.onespan.com/blog/onespan-sign-developers-email-templates-part-2
https://www.onespan.com/blog/onespan-sign-developers-email-templates-part-3
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer