Stoic | Posts: 8

Fishing emails

0 votes

Hi there,

 

Did you encounter any fishing emails that mimics OneSpan emails? If yes, what kind? And what would your recommendation to identify a fishing email and then to mitigate risk to open fishing email?


Duo_Liang | Posts: 3776

Reply to: Fishing emails

0 votes

Hi Stoic,

 

I haven't encountered such a scenario, but in a general perspective, I believe these points could help you mitigate the risk:
-For e-signature related emails, have your signer/sender only open links when the sender domain is "@onespan.com", "@esignlive.com" or "@e-signlive.com" depending on the account environment. 

-You can customize the email templates (including wording, color theme, HTML layout), so that it became a red flag if your signer/sender received a fishing email that mimics the default email.

-Instead of using the default email delivery service, you can either set up your own SMTP server, or configure DKIM to send out email notifications. 

For more customization options in terms of email templates in OSS, you can refer to my blogs below:

https://www.onespan.com/blog/onespan-sign-developers-email-templates-part-2

https://www.onespan.com/blog/onespan-sign-developers-email-templates-part-3

 

 

Duo


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off