When someone is imitating a person or a bank and attempting to trick you into engaging with them via email – that’s spoofing! Spoofing isn’t to be confused with Phishing, which you can read more about in our previous post.
Over the past few years we have been noticing an increase in the quantity and quality of spoofing attempts on our customers. Whilst the success rate of these activities still appears to be low, the confusion and possible financial loss can be very high. These are sometimes combined with other attacks to great effect. We have been impressed with the level of initiative shown by these (unsavory) individuals!
This blog is to create awareness of spoofing. We outline what it is, how you can detect it and what you can do to keep your organisation safe.
So what is it?
The technical definition of spoofing is: the modification of an email header to make it appear that it has come from a legitimate source.
You may have experienced this before if you have had an email from a colleague or boss that has their name (and possibly something that looks like their email address) but it wasn’t from them.
The spoofing attempts that we see most frequently, which are also the more easily spotted, pair an obviously random email address with the imitated name.
These are by far the most common and most likely to be used to imitate large organisations like banks and technology companies (as above). Whilst they are common and can appear obvious, it is easy to be fooled if the content is good.
Then there are more complex cases of spoofing – when the attempt is personalised and targeted (this can also be known as “Spear Phishing”). These attempts are becoming more common, with the impact being significant and costly. Some potential characteristics are a legitimate-looking email signature, a genuine-looking message and the email appearing to originate from the expected email address (possibly the actual email address of the imitated person or a slightly misspelt version – i.e. firstname.lastname@example.org).
They will often also commence the email by asking the recipient if they can complete a task and to respond to them quickly. Once the recipient responds they will then generally ask for money transfers. An example below:
The real challenge with spoofing stems from the way email works and the fact that you can send an email as anyone. There are techniques to minimise spoofing attempts, but because there is no absolute certainty, when they succeed they mark messages as likely Spam/Junk rather than blocking or deleting them outright. Technical tools and systems like anti-malware have no effect on spoofing, as spoofed emails don’t carry any malicious software or bad code.
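The two patterns described above (a known name paired with an unrelated address, and a slightly misspelt sender domain) can be checked from the From header alone. The Python sketch below is an added example, not part of the original post; the domain `example.org`, the staff directory, and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for illustration: the organisation's domain and staff directory.
ORG_DOMAIN = "example.org"
STAFF = {"Jane Smith": "jane.smith@example.org"}

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    '"Jane Smith" <qx81723@mail-service.test>',   # known name, random address
    "Jane Smith <jane.smith@exarnple.org>",       # "rn" imitating "m"
    "Jane Smith <jane.smith@example.org>",        # matches the directory
    "Supplier Accounts <billing@supplier.test>",  # ordinary external sender
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot slightly misspelt domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_from(header: str) -> str:
    """Classify a From header value against the staff directory."""
    name, addr = parseaddr(header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    known = {n.lower(): a for n, a in STAFF.items()}
    expected = known.get(" ".join(name.lower().split()))
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        return "lookalike-domain"
    if expected and addr != expected:
        return "display-name-mismatch"
    if domain == ORG_DOMAIN:
        # The header alone proves nothing: anyone can write this address.
        return "internal-unverified"
    return "external"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_from(sample):22} {sample}")
```

A result of `internal-unverified` is not a pass: the From header is sender-controlled, so this check complements SPF filtering rather than replacing it.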
So what do we do to try to prevent this?
- SPF records – we try to beef these up so the common examples go to your spam. The bad ones might still come through.
- If you are constantly being targeted we can put a message on incoming emails highlighting external emails.
- We can block certain locations/IPs. This is often ineffective as it will only last a limited amount of time.
The best thing we can do is raise the awareness of your team. We offer training and have free Cyber Security posters available that you can put around your office to keep this top of mind.
What can you do?
- We’d encourage you to be very careful about what you whitelist. If you have whitelisted a colleague’s email address or your own email address then you are likely to be giving the Spoofers additional credibility as it won’t go to spam.
- Consider your internal processes around payments – if payments are requested internally ensure there is a robust process in place to approve them.
- Don’t reply! We know it’s tempting!
- Make sure you have an email signature that is difficult to replicate – i.e. not a few lines of text. If your mobile signature says “Sent from my iPhone” you’re best to change it.
Also we’d really encourage you to create an environment where your teams are encouraged to ask questions if an email appears to be dodgy. While it might take a few minutes to check, it could save you dollars and significant disruption!
Please do contact us if you would like to talk with us about our cyber security training or if you would like copies of our posters for your workplace.