A Bug or a Feature? Unintended Benefits of Email Obfuscation

Ceroxylon
May 14, 2022

If you have ever been tasked with setting up an email format schema, you know that it can have consequences that last throughout the life of the company, whether that is an embarrassing combination of initials, job description changes, migrating accounts or setting up forwards, and so on.

So standardizing and reformatting can be appealing to many companies that want to inject some predictability into their communications. I have seen them all, and the complexity and variation can be astounding, making me wonder if there was some sort of requirement for some software that forced the decision to be as cumbersome as possible.

Recently I was asked to clean up an admin panel that had been passed around among multiple people over several years, and it was one that I don’t see as often as you’d think: instead of one format, they had all the formats. Names, roles, abbreviations, punctuation, the whole shebang#!. Everything was mixed in and used simultaneously.

The sigh of “complete overhaul” came to me, and then immediately after, the silver lining portion of my brain kicked in: this could be a nice advantage against rudimentary OSINT gathering. Taking the best parts of the insanity and adding in a dash of structure, this could create a mild cypher of the real accounts that a company uses.

Sure, it may be overkill for a small company, but if security is a top priority and the budget and hardware exist, why not create a mini web of formats for hackers to hit when they use a tool like NetHunter? Create multiple dummy accounts in all sorts of formats and keep them active, with the real format blended in at identical quantities.

A dedicated attacker will only be slowed down, but even getting a percentage of “hit and run” adversaries to rage quit would get a chuckle out of me.
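A sketch of the blended directory described above, as an added example that is not part of the original post: it fills every format with the same number of addresses so that counting formats reveals nothing about which one is real. The format templates, the names and the `example.com` domain are assumptions constructed for illustration.

```python
import random
from collections import Counter

# Hypothetical local-part formats (assumed for illustration, not from the post).
FORMATS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "flast": lambda f, l: f"{f[0]}{l}",
    "firstl": lambda f, l: f"{f}{l[0]}",
    "last_first": lambda f, l: f"{l}_{f}",
}

def build_directory(real_staff, decoy_names, real_format, domain, seed=0):
    """Return (address, format, is_decoy) records with equal counts per format."""
    rng = random.Random(seed)
    quota = len(real_staff)  # every format gets as many addresses as the real one
    make = lambda fmt, f, l: f"{FORMATS[fmt](f.lower(), l.lower())}@{domain}"
    records = [(make(real_format, f, l), real_format, False) for f, l in real_staff]
    taken = {addr for addr, _, _ in records}
    if len(taken) != quota:
        raise ValueError("real format yields colliding addresses")
    pool = list(decoy_names)
    rng.shuffle(pool)
    for fmt in FORMATS:
        if fmt == real_format:
            continue
        made = 0
        while made < quota:
            if not pool:
                raise ValueError("not enough decoy names to fill every format")
            f, l = pool.pop()
            addr = make(fmt, f, l)
            if addr in taken:  # never shadow a real or existing decoy mailbox
                continue
            taken.add(addr)
            records.append((addr, fmt, True))
            made += 1
    rng.shuffle(records)  # list order must not separate real from decoy
    return records

def format_counts(records):
    """Count addresses per format label."""
    return Counter(fmt for _, fmt, _ in records)

# Constructed sample data: fictitious staff and decoy identities.
REAL = [("Ana", "Ruiz"), ("Ben", "Cole"), ("Dee", "Park")]
DECOYS = [("Eli", "Voss"), ("Fay", "Lund"), ("Gus", "Hart"), ("Ivy", "Moss"),
          ("Jon", "Reed"), ("Kim", "Wade"), ("Lou", "Nash"), ("Mia", "Penn"),
          ("Ned", "Shaw"), ("Oda", "Tate")]
DIRECTORY = build_directory(REAL, DECOYS, "flast", "example.com")
```

Each decoy identity is used in exactly one format, so no fictitious person appears under two schemes and gives the pattern away.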
