So you’re here because you are concerned about email spoofing. Have you ever received an email from one of your company’s executives asking you to download an attachment or click a link? Most people will realize this is spam because their email client flags it as such. However, hackers are getting so sophisticated and “life-like” that some employees may still fall victim to email spoofing.
What Is Email Spoofing?
When you receive a spoofed email, it will look legitimate, but you need to pay close attention to the sender’s email address. This aspect is typically overlooked when evaluating a potentially harmful email, which is why email spoofing has become such a successful method of infiltration.
Email spoofing is when a hacker creates an email with a forged email address so that it appears to have originated from someone or somewhere other than the actual source. The goal of email spoofing is to get recipients to open and possibly respond to a solicitation. In less-advanced attempts, the sender’s name will appear as it should, but the email address will be completely different, often coming from a different domain. In the most advanced attempts, the email address will look nearly the same. For example, if the sender’s legitimate email address is [email protected], some possible spoofed versions could be [email protected], [email protected], or [email protected].
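The two patterns described above (a familiar display name in front of an unrelated domain, and a domain that is nearly the same as the real one) can be checked mechanically. The following is an added example, not part of the original article; the trusted domain, the staff name and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"   # assumption: the organization's real domain
INTERNAL_NAMES = {"jane doe"}    # assumption: display names of real staff
SAMPLES = [                      # constructed From: headers
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Jane Doe <jd8841@freemail.test>",
    "Sales <sales@vendor.test>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Classify the visible sender of a From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unparseable"
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return "trusted-domain"
    # Nearly the same domain: a character or two swapped, added or dropped,
    # or the trusted name embedded in a longer domain.
    label = TRUSTED_DOMAIN.split(".")[0]
    if edit_distance(domain, TRUSTED_DOMAIN) <= 2 or label in domain:
        return "lookalike-domain"
    # The name looks right, but the address is on a different domain.
    if " ".join(name.lower().split()) in INTERNAL_NAMES:
        return "display-name-mismatch"
    return "external"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):22} {header}")
```

A "trusted-domain" result only means the visible address matches the real domain; it does not prove where the message actually came from.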
Protection From Email Spoofing
There are numerous ways to help you maintain the integrity of your email account. Here are the most effective ways to protect yourself from becoming the next victim:
- Look at Sender Information on Every Email! Make sure to look for discrepancies like the ones mentioned above, especially from internal emails. If you receive a suspicious email from an external source, do your due diligence and research the organization’s email layout. You can even call the business and ask to speak with the individual who sent the email.
- Know the Signs of an Attempt. Here are 7 red flags that you need to look out for to avoid being scammed:
  - Asking for a money or wire transfer
  - Requesting data that the “sender” already has access to
  - Demanding credentials such as usernames and passwords
  - Extreme sense of urgency for an action
  - Spelling and grammar errors
  - Linked text that says one thing, but when you hover over the link, it directs you somewhere else
  - Claiming that a personal account has been compromised
- Follow Best Practices for Protection. Here are 5 best practices for your employees to follow to maintain the organization’s email security:
  - Thoroughly check emails
  - Do not click on suspicious links
  - Never download obscure attachments
  - Limit public information
  - Never enter your password