Brian May wrote:
[$user sends outgoing invoices via cleartext email.]
[$AR receives original invoice, and spoofed invoice, pays wrong one.]
[GPG is too hard.]
I'm not clear on your threat model:
* if this is an APT, game over, you lose.
* if not, are they watching mail pass through a system they control, or what?
e.g. are they a Bigpond employee, or did they just crack his email password and set up
a simple CC?
If they don't have permanent (legitimate) access, and just broke in
and configured bigpond to send them a copy of outbound mail,
then changing the bigpond config &
using improving password discipline should be enough.
If the current cleartext email method is fundamentally compromised,
there are other alternatives for B2B,
that are more secure than cleartext email,
but more convenient than GPG.
- get AR to set up an SFTP (or FTP) upload point,
with keys (or passwords).
$user uploads invoice.pdf using filezilla or winscp.
Don't transmit the upload details over email.
I suppose dropbox would be roughly equivalent.
- 'password protect' invoice.pdf with a pre-shared key,
that is never sent via the compromised channel.
The attacker will then have to brute-force the key,
which is probably easy, but if their attack tool doesn't support it,
they'll have to submit a feature request &c.
- Joel suggested S/MIME.
I expect this to be too painful for B2B, but it's worth investigating.
IME it's primarily used for INTRA-org mail within large organizations,
where cert setup is handled by the org's provisioning infrastructure,
which you don't have access to in this case.