IT Service and Cybersecurity Experts – Leverage IT Group, LLC.

How is Email Spoofing Used in Phishing Attacks?

Phishing is responsible for most malware infections and data breaches. It’s become more sophisticated over the years, and as long as it continues being successful, it’s not going anywhere.

While companies of all sizes get targeted in phishing attacks, small businesses are targeted more and see higher rates of malicious emails. Companies with 1001-1500 employees see 1 in 823 emails being malicious, but that rate for businesses with 1-250 employees is 1 in 323 emails.

Many businesses in Rockwall, TX and beyond put cybersecurity protections in place like anti-malware and DNS filtering, but scammers are getting particularly good at fooling users into clicking on malicious emails.

Remote workers can be particularly susceptible to phishing because they don’t have a colleague sitting at a desk nearby to ask for a second opinion on an email.

One of the main tactics phishing attackers use to trick users into thinking an email is legitimate is email spoofing.

What’s Email Spoofing?

Email spoofing is when a phishing email lists an email address as the sender that is different than the one the email was actually sent from.

One of the first things people do when they receive an email they’re not expecting is look at the “From” line to see who sent the message. If they don’t recognize the address, they’re more likely to be suspicious of it. But if the email domain belongs to a company they know, or even to their own company, they’re more likely to think the email is legitimate.

An example of email spoofing in phishing:

An email is received about an account billing problem from what appears to be your web hosting provider. The email has the provider’s name and signature, and more importantly it is sent from “[email protected]”, meaning it has their domain in the email address.

Because the recipient recognizes the hosting provider’s domain and sees it as the sender, they click the link to fix the billing issue and are taken to a login page that looks just like the one they’re used to. They log in but can’t find any reference to a billing issue.

Before they can get off the phone with the web hosting company (who said the email was a fake), the hacker has already erased their website and taken over their server to post a fake phishing site.

In 2019, 95% of healthcare organizations received emails spoofed as one of their trusted domains.

Email Authentication to Prevent Email Spoofing

When doing employee awareness training on phishing, it’s important to include information on email spoofing. Let your team know that just because they see a particular email address as the sender, it doesn’t mean the email actually came from that address.

Many employees don’t realize that scammers can put fake email addresses in the “From” line of a message when sending it from a completely different address.

Beyond education, the best way to combat email spoofing in phishing is through email authentication.

Email authentication uses three protocols that all work together to check messages for spoofing attempts and block those that are suspicious from making it into user inboxes.

This is something that is set up on the server that is used for your company emails. Here is how each of the three protocols works.

SPF (Sender Policy Framework)

This first protocol checks the noted sender of an email in the “From” line against the server that actually sent the email. It looks for a match between the sending server’s IP address and the IP addresses designated as approved senders for the domain showing in the “From” line.

If they don’t match, SPF flags the message as potential spoofing.

You protect your own domain by designating which IP addresses are allowed to send email for your business domain.

DKIM (DomainKeys Identified Mail)

This protocol takes the authentication a step further. It uses two keys, one inserted into the email messages you send, and one that stays on the server. Those keys ensure that the sender hasn’t been altered during transmission and the message hasn’t been tampered with.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC takes action based upon what SPF and DKIM report back. If either has flagged a message for a mismatch between sender and approved domain or for tampering, DMARC does two important things:

  1. Tells the receiving mail server what to do with the message (reject message or quarantine)
  2. Reports back to the sending domain on emails that were flagged (alerting you to spoofing of your domain)

Email spoofing protection through authentication is becoming a necessary component of IT security as hackers look for more sophisticated ways to fool users with their phishing emails.

How Strong Is Your Email Security?

Leverage IT Group can help your DFW business put strong email security protections in place to keep phishing attacks at bay.

Contact us today to schedule a free consultation. Call (469) 458-0559 or reach us online.
