Email spoofing is a type of phishing scam that involves specific tactics meant to deceive the recipient into releasing some type of personal, professional, or financial information. Spoofing email scams have claimed victims in every state and in at least 79 countries amounting to more than $2.3 billion in losses. The hacker forges his/her email address and formats the body of the message to make it appear as if the email came from a legitimate source thus making the recipient feel comfortable sharing otherwise private information (or even simply open the email). Spoofing attacks started to become extremely noticeable in early 2015 and have since seen a 270% increase in victims and losses (read the FBI press release regarding email spoofing here). Gaining information is the biggest reason hackers send spoof attacks, but it’s not the only reason. In some cases, the hackers use this technique to give the sender a bad name by sending out threats, insults, or negative messages using their email address. Either way, it’s important to know how to protect yourself against such an attack.
There are several ways you can decipher a spoof email from a legitimate one. But, the most basic rule of thumb is that if something just doesn’t feel right, it probably isn’t. Offers that are simply too good to be true or the sender making unrealistic threats (“you’ll be arrested if you don’t answer this email!”) are a good indication you’re being duped. Most corporations are familiar with spoofing email scams by now, so they take steps that will ensure you it’s genuine. For instance, you won’t be receiving an email from your bank with misspelled words or wrong verb tenses, but you will see those in a spoof attack. A reputable company that you have given your information to will usually address you by your first and last name instead of “valued customer” or something of that nature. As a general rule of thumb, don’t open links from any source you can’t immediately call and have a conversation with. If you’re ever unsure, hover over the URL and if the link address looks weird then do not click on it. Use the “do not click” rule in every message that you’re unsure of. Remember, they can’t take your information unless you give it to them.
Most of these instances are simply just an annoyance, but if not dealt with correctly there can be serious consequences. It’s important to stay ahead of the hackers and be proactive. One way of doing this is utilizing managed IT services like THB. You don’t want to find yourself compromised with no one to call that you trust, that’s where we come in. Read this article to find out why it’s so important to be prepared.
Currently, the most popular style of spoofing attacks are those that involve the hacker pretending to be the CEO of a certain company and sending other corporate executives (ex: HR or Finance) requests for financial information or wire transfers. Don’t forget…hackers are usually highly intelligent! They will take the time to carefully choose a company they think can be easily infiltrated and learn the names of key people within the organization.
The sizes of these business can range from one man operations to a company like Leoni AG, one of the world’s leading wire and cable manufactures, that lost nearly $44 million in 2016 due to spoofing attacks. News of the attacks caused Leoni’s stock to drop a full 7%. There have been cases where the hacker sends an email to an employee of the company from the CEO’s address asking them to take care of time sensitive financial issues, claiming they are in an important meeting and can’t get to it themselves. It’s crucial that you take the steps to inform your employees about such scams. Having a process put in place related to the disposal of these messages is important as well.
Spoofing attacks can be serious but, with the correct training, stopping these attacks is certainly achievable. Every day, more companies are taking the proactive steps necessary to protect themselves and their clients against fraud and abuse.
If you believe you’ve been hacked, check out 5 Things To Do Right Now If You’ve Been Hacked.
At THB, we are now offering a service you can easily add on to your subscription called EmailProtect365. This is a service that will prevent email spoofing attacks. For more information, check out our FAQ on this service or call us today – (781) 262-3849.