While the term “email spoofing” may not sound as intimidating as other forms of cybercrime, it occurs frequently, and the potential costs to its victims are worrying. According to industry statistics, hackers perform 96% of their phishing attacks via email, with the average BEC (business email compromise) costing organizations $3.92 million.[1] Given the meteoric rise of these figures over the years, it is worth understanding what email spoofing is and how you can prevent it.
What Is Email Spoofing?
Spoofing is a general term for disguised communication from unknown—often malicious—sources intended to pass themselves off as legitimate sources. The technique applies to various media, including phone calls, SMS, websites, computer networks, and emails, hence the term “email spoofing.”[2]
Email spoofing is very common in spam and phishing attacks where unsuspecting users get duped into taking specific actions on emails sent by supposedly familiar or trustworthy entities. Successful email attacks often involve users performing one or more of the following actions:
- Clicking malicious links
- Sending sensitive data
- Opening malware attachments
- Wiring corporate or personal funds
How Can You Spot a Spoofed Email?
Now more than ever, phishing awareness training has become a quintessential part of any workplace cybersecurity curriculum. Well-informed employees are less likely to open malicious links or send sensitive company information to the wrong recipients. That being said, here are some telltale signs of a spoofed email.
1. Mismatched Display Name and “From” Address
Legitimate organizations do not send emails from public domains like “@gmail.com.” Most organizations use custom company accounts and email domains. And although the display name on an email may look familiar, never take action until you compare it with the “From” address. Any mismatches between the two might signal a spoofed email.
2. Out-of-the-Ordinary Message Content
Regardless of a sender’s apparent legitimacy, always view unsolicited attachments or requests for specific information as suspicious until proven otherwise.
3. Mismatched “Reply-to” Header
If an email’s reply-to address differs from its sender’s address or custom domain, you may be handling a spoofed email.
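The three telltale signs above can be checked mechanically against a message's headers. The following Python script is an added example written for this article, not code from the original page or from Artemis IT; the list of public webmail domains and both sample messages are constructed for illustration, and the script only inspects the From, Reply-To and display-name headers (it complements, rather than replaces, the SPF/DKIM/DMARC checks discussed later).

```python
"""Flag the header-level warning signs of a spoofed email (added example).

Assumptions: PUBLIC_DOMAINS is a constructed list, the sample messages are
constructed (not real mail), and only the From, Reply-To and display name
headers are examined.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed list of free webmail domains; extend it for your environment.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address-like string, or '' if it has none."""
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""


def header_findings(raw_message: str, claimed_domain: str = "") -> list:
    """Return one warning string per telltale sign found in the message headers.

    claimed_domain is the domain the message appears to represent (for instance
    your own organisation's) when that is known from context; pass "" to skip
    that comparison.
    """
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # Sign 1a: a "company" message sent from a public webmail domain.
    if from_domain in PUBLIC_DOMAINS:
        findings.append(f"From address uses public domain {from_domain}")

    # Sign 1b: a display name that itself looks like an address at another
    # domain, e.g. From: "ceo@corp.example" <someone@other.test>
    name_domain = domain_of(display_name)
    if name_domain and name_domain != from_domain:
        findings.append(f"display name shows {name_domain} but From domain is {from_domain}")

    # Sign 1c: the From domain is not the domain the message claims to represent.
    if claimed_domain and from_domain != claimed_domain.lower():
        findings.append(f"expected {claimed_domain.lower()} but From domain is {from_domain}")

    # Sign 3: replies would go to a different domain than the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    return findings


# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Jane Doe (CEO)" <jane.doe@gmail.com>
Reply-To: payments@mail-relay.test
To: staff@corp.example
Subject: Urgent wire transfer

Please wire the funds today.
"""

LEGITIMATE = """\
From: "Jane Doe" <jane.doe@corp.example>
To: staff@corp.example
Subject: Weekly update

Nothing unusual here.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, header_findings(raw, claimed_domain="corp.example"))
```

Run against the constructed messages, the suspicious one produces a warning for the public webmail domain and another for the mismatched Reply-To (plus a third when the expected corporate domain is supplied), while the legitimate one produces none. In practice the same logic belongs in a mail-filtering rule or a triage script run over reported messages.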
How to Prevent Email Spoofing
The best way to protect your organization against spoofed emails is by learning to spot and avoid them. Here’s how:
Inbound Spoofing Attacks
1. Traditional Email Security Protocols: Nowadays, conventional email security measures—including those embedded in cloud-based email systems—can intercept most incoming emails that contain malicious attachments. Combining these standard features with managed IT services such as Artemis IT’s endpoint protection can reinforce your systems markedly.[3]
2. Phishing Awareness Training: As fraudsters look for new ways to bypass the best defenses, automated phishing response systems may struggle to keep up. Periodically training your employees provides a reliable last line of defense against evolving spoofing techniques.[4]
Outbound Spoofing Attacks
Here are some email authentication protocols to protect your organization’s emails from getting spoofed in attacks targeted at the general public or your customers:
1. SPF (Sender Policy Framework): SPF is an authentication protocol that enables your company to specify the IP addresses allowed to send emails on your organization’s behalf. If the IP address sending an email is not on your SPF record, the authentication check fails and the email is rejected.[5]
2. DKIM (DomainKeys Identified Mail): This authentication technique allows your receivers to confirm that your organization sent and authorized an email, thanks to a digital signature carried in the email’s headers.
3. DMARC (Domain-based Message Authentication, Reporting and Conformance): Typically used in conjunction with SPF and DKIM, DMARC is an authentication standard that helps receivers spot when an email is not sent from your company’s domains and instructs them on how to dispose of the unauthorized emails safely.
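To make the interaction between the three protocols concrete, here is an added Python example (not code from the original page or from Artemis IT) that evaluates a simplified SPF record and then applies DMARC's alignment rule. The DNS data in `TXT` is a constructed stand-in for real TXT lookups (the `.example` and `.test` zones are not real), only the `ip4`, `ip6`, `include` and `all` SPF mechanisms are implemented, the DKIM verdict is taken as an input from an existing signature verifier rather than recomputed, and relaxed alignment treats the From domain as the organisational domain instead of consulting the public suffix list.

```python
"""Offline SPF evaluation and DMARC alignment check (added example).

Assumptions: TXT is constructed DNS data, not real records; only the
ip4/ip6/include/all SPF mechanisms are modelled; the DKIM result is supplied
by the caller; relaxed alignment approximates the organisational domain as
the From domain itself.
"""
import ipaddress

# Constructed DNS TXT records keyed by query name (assumption, not real zones).
TXT = {
    "corp.example": "v=spf1 ip4:203.0.113.0/24 include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.corp.example": "v=DMARC1; p=reject; rua=mailto:dmarc@corp.example; aspf=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, lookup=TXT.get, depth=0):
    """Return the SPF result for sender_ip under the record published by domain."""
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per evaluation
        return "permerror"
    record = lookup(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism with no explicit qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        if mech in ("ip4", "ip6"):
            # ip_network() treats a bare address as a /32 or /128
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif mech == "include":
            matched = spf_check(value, sender_ip, lookup, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue  # a, mx, ptr, exists need live DNS and are not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def dmarc_record(from_domain, lookup=TXT.get):
    """Parse the _dmarc TXT record into a tag dict, or None if none is published."""
    record = lookup(f"_dmarc.{from_domain}")
    if not record or not record.startswith("v=DMARC1"):
        return None
    return dict(part.strip().split("=", 1) for part in record.split(";") if "=" in part)


def dmarc_evaluate(from_domain, mail_from_domain, spf_result,
                   dkim_domain, dkim_result, lookup=TXT.get):
    """Return (dmarc_result, policy) for the visible From domain.

    DMARC passes when SPF or DKIM passes AND the domain that passed is aligned
    with the From domain; otherwise the published policy (p=) applies.
    """
    tags = dmarc_record(from_domain, lookup)
    if tags is None:
        return ("none", "none")

    def aligned(domain, mode):
        if mode == "s":  # strict: exact match only
            return domain == from_domain
        # relaxed: same organisational domain (approximated as a subdomain test)
        return domain == from_domain or domain.endswith("." + from_domain)

    spf_ok = spf_result == "pass" and aligned(mail_from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, tags.get("adkim", "r"))
    return ("pass" if spf_ok or dkim_ok else "fail", tags.get("p", "none"))


if __name__ == "__main__":
    # A message claiming to be From corp.example, sent from an unlisted host.
    ip = "192.0.2.1"
    print("SPF:", spf_check("corp.example", ip))
    print("DMARC:", dmarc_evaluate("corp.example", "corp.example",
                                   spf_check("corp.example", ip), "", "none"))
```

The last case is the one that matters for spoofing: a sender whose own domain has a valid SPF record still fails DMARC when that domain is not aligned with the From domain the recipient sees, and the `p=reject` policy tells the receiver to discard the message. The strict `aspf=s` tag in the constructed record also shows why a subdomain used for bulk mail needs its own aligned setup or a DKIM signature from the parent domain.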
How Artemis Can Protect You From Email Spoofing
Artemis IT offers robust managed IT services, including endpoint protection, perimeter management and remote monitoring for all-round protection against multiple cyberthreats. Our email security solution, in particular, uses up-to-date authentication protocols that scan and block potentially malicious incoming emails before they reach your inbox.
Do you need any help bolstering your email security? Contact us today to learn more about email security and the managed IT services we offer or to request a consultation.
References:
[1] https://www.tessian.com/blog/phishing-statistics-2020/
[2] https://securityboulevard.com/2020/01/email-spoofing-101-how-to-avoid-becoming-a-victim/
[3] https://artemisit.com/5-ways-that-artemis-it-improves-security-with-managed-it-services/
[4] https://www.comparitech.com/blog/vpn-privacy/phishing-statistics-facts/
[5] https://docs.helpscout.com/article/58-spf-records