Email spoofing is the practice of sending emails using a forged sender address. The recipient believes that the email comes from someone they know. The way email protocols work makes spoofing possible: the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication. Some spoofed emails are easy to detect, but more malicious and targeted ones can cause companies significant problems.
The difference between a hacked and a spoofed account
A hacker does not have to take over your account to spoof an email. A hacked email account, by contrast, means the hacker has gained full access to your account, and the emails the hacker sends really do come from your mailbox. In the case of spoofing, your account isn’t touched: an email only appears to come from your account, although it actually comes from a separate account.
Reasons for email spoofing
Cybercriminals use email spoofing for various malicious reasons. The aim is usually to make the recipient trust the email enough to open a malicious attachment or reveal private information.
Phishing: Email spoofing is a tactic to get an individual to click on a link in an email that appears to come from someone they know and to provide personal, confidential information.
A more advanced type of phishing involves spoofing emails from a CEO or CFO of a company working with suppliers in foreign countries. The spoofed email will request that wire transfers to the supplier be sent to a different payment location.
The Ponemon 2021 Cost of Phishing study states that phishing attacks now cost large organizations almost $15 million a year.
Identity theft: Cybercriminals can use email spoofing to request information from a victim’s healthcare or financial accounts.
Anonymity: A fake email address can be used to hide a sender’s true identity.
To avoid spam filters: By frequently changing email addresses, spammers can avoid being blacklisted.
Perception Point has an email security solution with advanced anti-spoofing engines. It can prevent malware, ATO, impersonation, APTs and BEC attacks. You can deploy it without changing existing infrastructure and see immediate results.
Dangers of email spoofing
Email spoofing can be dangerous and damaging because it exploits human psychology and vulnerability. It can bypass the security measures that many email providers offer by default. Even smart employees are tricked into sending money when the request comes from an authority figure.
A spoofed email that appears to come from a friend may contain an infected link. A spoofed email from a vendor may ask for banking details. One from a CEO may ask for sensitive company data.
An Ottawa City Treasurer fell for an email scam and was tricked into sending a wire transfer of over $100,000 in taxpayer money to fraudsters. She thought the email came from the city manager.
Different spoofing methods
Display name spoofing: An email sender may forge a display name. Using a legitimate email address means it doesn’t get filtered as spam. Display name spoofing can be very effective due to the many smartphone email apps that often only have room for a display name and don’t show metadata.
Legitimate domains: Attackers can register and use legitimate domains and hosting to fool people.
Lookalike domains: The fraudster may register and use a domain similar to the legitimate domain. It may have an extra letter, symbol or another change that’s minimal enough for a reader not to notice. As it looks so much like a legitimate domain, it carries weight and can convince a victim to reveal a password, send documents or transfer money.
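The display-name and lookalike-domain tricks described above can be checked mechanically. The following is an added example, not code from the original article; the trusted-domain list, the warning codes and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption for this example: domains your organisation treats as trusted.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_from_header(from_header: str, max_distance: int = 2) -> list[str]:
    """Return warning codes for one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []  # forgery of an exact trusted domain is an SPF/DKIM/DMARC matter
    warnings = []
    # Display name spoofing: the name shown to the user mentions a trusted
    # domain, but the real address belongs to some other domain.
    if any(t in display.lower() for t in TRUSTED_DOMAINS):
        warnings.append("display-name-claims-trusted-domain")
    # Lookalike domain: one or two character edits away from a trusted one.
    nearest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        warnings.append(f"lookalike-of-{nearest}")
    return warnings
```
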
Email spoofing protections
Recipient servers and anti-malware software can help to detect and filter spoofed messages. Unfortunately, not all email services have security protocols in place.
- SPF (Sender Policy Framework): SPF has become common with many email providers to prevent phishing. To use it, a domain holder must specify all IP addresses authorized to send email on behalf of the domain.
- DKIM (DomainKeys Identified Mail): This method involves using cryptographic keys for signing outgoing messages and validating incoming ones.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): A sending domain can publish a policy that tells receivers whether its email is protected by SPF or DKIM.

Using the above frameworks will mean emails that fail validation are rejected or sent to spam.
Steps to take to avoid becoming a victim
Keeping anti-malware software up to date and being wary of social engineering tactics can help to prevent you from becoming a victim of spoofing. When you are unsure whether an email is valid, try contacting the sender directly, especially if sharing private information, such as financial information.
Companies that are planning to go digital need to choose a good cyber security provider. They must also practice good cyber security hygiene to help prevent email spoofing.
- The steps to view email headers are different for different email clients, so it is important to look up how to view email headers for your inbox software. Open the email headers and look for the Received-SPF section and a ‘pass’ or ‘fail’ response.
- Never click links to access a website if requested to authenticate. Type the official domain in the browser and authenticate directly on the site.
- Be suspicious of an email purporting to come from an official source that contains poor spelling or grammar.
- Don’t open attachments from unknown senders.
- Beware of emails that have a sense of urgency or danger. Treat links with extra caution if there’s a threat of account closure, suspicious activity on one of your financial accounts or a scheduled payment failure.
- Copy and paste text from a suspicious email into a search engine. It may already have been reported and published to warn people.
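The header check from the first step above, together with the SPF, DKIM and DMARC results described earlier, can be read programmatically. This is an added example, not part of the original article; the sample message is constructed, and the function names and finding codes are assumptions. It also shows a case the manual check misses: SPF can report "pass" for the envelope sender while the visible From: address belongs to a different domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture): SPF passes, but only for the envelope domain.
RAW = """\
Return-Path: <bounce@mailer.invalid>
Received-SPF: pass (mx.example.net: domain of bounce@mailer.invalid designates 203.0.113.7 as permitted sender)
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none;
 dmarc=fail header.from=example.com
From: "City Manager" <manager@example.com>
Subject: Urgent wire transfer

Please send the payment today.
"""


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From: or Return-Path: header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def auth_summary(raw: str) -> dict:
    """Collect SPF, DKIM and DMARC verdicts plus the two sender domains."""
    msg = message_from_string(raw)
    spf = (msg.get("Received-SPF") or "").split(None, 1)
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    out = {"spf": spf[0].lower() if spf else "missing"}
    for method in ("dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth, re.I)
        out[method] = m.group(1).lower() if m else "missing"
    out["from_domain"] = domain_of(msg.get("From", ""))
    out["envelope_domain"] = domain_of(msg.get("Return-Path", ""))
    return out


def findings(s: dict) -> list[str]:
    """Translate the summary into reasons to distrust the visible sender."""
    notes = []
    if s["spf"] != "pass":
        notes.append(f"spf-{s['spf']}")
    elif s["envelope_domain"] != s["from_domain"]:
        # SPF validated the envelope sender only, not the From: the user sees.
        notes.append("spf-pass-for-different-domain")
    if s["dmarc"] != "pass":
        notes.append(f"dmarc-{s['dmarc']}")
    return notes
```

Only trust Received-SPF and Authentication-Results headers added by your own receiving server, since a sender can include forged copies in the message. The exact domain comparison here is stricter than DMARC's relaxed alignment, which also accepts subdomains of the same organizational domain.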
Conclusion
Even with email security in place, some malicious email messages may reach user inboxes. Using an advanced email security solution with anti-spoofing engines may be necessary to prevent a variety of attacks, including using email spoofing as a tool for phishing. Irrespective of the size of your business, you need to ensure the highest level of cyber security.