Email spoofing is when an email is forged by an attacker to make it appear that it's coming from someone else, usually someone you know, such as a coworker. This is a very common type of phishing tactic cyber criminals will use to either try to obtain confidential information, or send out attachments or links that contain malware.
If you have an email address, it's likely you have received an email like this. Unfortunately, there are no signs of this kind of attack slowing down. According to an article in IndustryWeek, there was a 250% increase in spoofing or business email compromise attacks, and a 70% increase in spear-phishing attacks overall in 2018. Another report by Gartner predicts that email will remain the most common method for targeted attacks through the year 2020. Phishing emails will appear to be coming from trusted domains, such as within one's own organization.
Cybercriminals can alter different sections of an email, including the "From" and "Reply To" sections. For illustrative purposes, we will make up our own employee: Johnny Bedrock, and his email address is jbedrock@bedrocktechnology.com.
An example of display name spoofing might look a little something like this:
From: Johnny Bedrock <jbedrock@gmail.com>
To: Jane Doe <jdoe@bedrocktechnology.com>
Note that even though the display name is Johnny Bedrock, the email address is not a Bedrock Technology address.
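The check described above can be automated. The following is an added example, not code from the original article: it flags a known employee's display name on an outside address, and a "Reply To" that points at a different domain than "From". The employee directory, the example.net address and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's domain and a small
# directory of employee display names (the article's made-up employees).
ORG_DOMAIN = "bedrocktechnology.com"
EMPLOYEE_NAMES = {"johnny bedrock", "jane doe"}


def _domain(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def check_headers(raw_message: str) -> list[str]:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # Display name spoofing: an employee's name on an outside address.
    name = " ".join(from_name.split()).lower()  # normalize case and spacing
    if name in EMPLOYEE_NAMES and from_domain != ORG_DOMAIN:
        findings.append(f"display name '{from_name}' on external address {from_addr}")

    # Reply-To redirect: replies would go to a different domain than From.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To {reply_addr} differs from From domain {from_domain}")
    return findings


# Constructed sample messages; the first uses the headers shown above.
DISPLAY_NAME_SPOOF = (
    "From: Johnny Bedrock <jbedrock@gmail.com>\n"
    "To: Jane Doe <jdoe@bedrocktechnology.com>\n\nAre you available?\n"
)
REPLY_TO_REDIRECT = (
    "From: Johnny Bedrock <jbedrock@bedrocktechnology.com>\n"
    "Reply-To: jbedrock@example.net\n"
    "To: Jane Doe <jdoe@bedrocktechnology.com>\n\nAre you available?\n"
)
LEGITIMATE = (
    "From: Johnny Bedrock <jbedrock@bedrocktechnology.com>\n"
    "To: Jane Doe <jdoe@bedrocktechnology.com>\n\nLunch at noon?\n"
)

if __name__ == "__main__":
    for raw in (DISPLAY_NAME_SPOOF, REPLY_TO_REDIRECT, LEGITIMATE):
        print(check_headers(raw))
```

A message that forges the full "From" address and carries no "Reply To" produces no findings here, so header inspection of this kind only covers the display name and reply redirect cases.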
Hackers are also able to spoof both the display name and the email address. In either case, the content of the email tends to use social engineering to instill a sense of urgency or intrigue. Here's an example:
From: Johnny Bedrock <jbedrock@bedrocktechnology.com>
Sent: Wednesday, December 19, 2018 1:13 PM
To: Jane Doe <jdoe@bedrocktechnology.com>
Subject: FeedBack Required Urgently.
There is something i need you to do. Let me know when you are available.
I am going into a meeting now, so just reply my email.
Sent from my iPad
If you're unsure about the legitimacy of an email, always ask the sender if it came from them. As an aside, you will want to ask via another method, such as in person or over the phone. Replying to the original email could put you in correspondence with a cybercriminal!
Here are some proactive measures you and your business can take to keep yourself safe from spoofing and phishing attacks:
Educate yourself and your employees. Review examples of phishing emails.
Keep your operating systems up to date. Always update your software when prompted. Ensure you have antivirus downloaded and enabled on your devices.
A little healthy skepticism can go a long way. Never open attachments or click on links if you're unsure about the email to begin with.
Partner with IT professionals, such as a managed services provider like Bedrock Technology. We will assist in aligning technology with your business goals so you can focus on your business while we proactively protect you from potential threats.