>> Wessland says such attacks are impossible to pick up with basic spam-filtering technologies, noting that hackers will simply keep creating new fake domains from which to send their targeted messages.
Haha, yes that's true: we still do not have the universal fraud detector and stupidity prevention algorithm. Seriously, this is not a system security problem. If you have high-level employees in the finance dept. of your company that will initiate a wire transfer on the basis of an unsigned, unencrypted email from an untrusted domain, that is a policy/standards/personnel issue.
If this is happening then internal audit procedures are nonexistent, as any significant finance decisions should involve a minimum of two people to authorise transactions to minimise fraud in the first place.
This falls under business basics.
That's embarrassing. Isn't it the CFO's job to use his or her discretionary judgment when approving transfers? I think we need to fix business cultures rather than build tools to think for us...
We've had a spate of fake emails between our CFO and CEO in our company.
Seeing as we use Google Apps for our email, it would be really nice if Google could warn in their interface that this email may have the CFO's address, but it did not come from internal mail...