What is e-mail spoofing and how can you prevent it?

There are so many threats on the internet that it can be hard to keep track. Sometimes the most effective methods of attack can be the simplest. Phishing is often one of the most popular attacks – and oftentimes, phishing attacks begin with e-mail. In fact, e-mail spoofing has become a prevalent way to attack e-mail users. A spoofing attack takes advantage of worker apathy and weak cyber security software, usually to steal data or extort money. 

With software like Mailprotector’s CloudFilter e-mail filtering solution, and the right training, workers can learn to recognise dangerous e-mails and react appropriately. Analytics can help you to understand the danger hidden in messages, and a strong awareness of cyber security best practices will encourage proactive defence and diligence whenever your users are on the company network.

E-mail spoofing is the practice of forging a false e-mail header to mislead the recipient into believing the e-mail came from a different, trusted source.

This type of attack can be used to steal private information, which can then be used to further damage an organisation.

Extortion, IP theft and malware infection are just some of the risks a spoofing e-mail attack can present. With so much on the line, a strong e-mail security position is critical to corporate success.

An e-mail filtering solution like CloudFilter can help to keep your inbox safe without missing any important mail.

Here’s what an e-mail spoofing attack looks like. The owner of your company, or an address that looks convincingly like theirs, e-mails with an urgent favour, a request that involves opening a link. You’re busy and you get messages like this regularly, so you open it up and see what it says.

You’ve just infected your corporate network.

Now your company data is being ransomed for huge sums of money, development on your latest projects has halted and word is already getting out that you’ve been hacked. Your competitors are licking their lips as they prepare to snatch your prospects.

This is the very real risk and danger posed by e-mail spoofing attacks.

On an individual basis, a spoofing attack may go after your banking or other financial information. On a corporate scale, however, the target of the attack is more likely to be employee login credentials to get access to greater networks, where hackers can then do the real damage.

Data theft puts you at the mercy of the hackers and can massively disrupt your business. Ransomware can lock you out of your data or spread confidential information until you pay the demanded amount. (Be sure to read our eBook on ransomware prevention methods.)

Usernames and passwords are frequent targets as they provide access to greater systems.

To make matters worse, the damage can linger long after you’ve recovered your data. An overhaul of cyber security practices in the face of such a disaster would not be uncalled for, but a shift like that takes time and money – resources you may already lack after dealing with the initial hack.

Transitioning to and training your IT and regular staff on a new security module or solution could also be a moot point if your personnel aren’t taking the training seriously. The human element is always a weak point for any cyber security apparatus, so vigilance and proactivity are virtues your company should highlight. As they say, an ounce of prevention is worth a pound of cure.

Spoofing via display name

Display name spoofing is performed by altering the display name in an e-mail to convince the recipient that the e-mail is from a trusted source. This is a simple and common method, made easy by e-mail providers like Google and Yahoo allowing users to change their display name from the built-in menu.

This spoofing method can bypass spam and security filters, as the e-mail is authentic aside from the display name, even if the contents may be harmful.

As working from phones and tablets becomes more ubiquitous in the workplace, this method of spoofing becomes a greater danger. Most mobile apps do not display the full metadata of a message, leaving only the display visible to the recipient and rendering them ignorant to the danger they are about to unleash.

Spoofing via lookalike domains

This method is a bit more complex, but still relies largely on weak security policies or employee apathy to do the job.

Hackers will create a domain designed to resemble a corporate or professional website for the purpose of tricking workers into opening e-mails and following links.

These can have identical URLs to trusted sites and even feature similar page layouts. This can be accomplished by using different language characters as well as Unicode to mimic other characters. In lazy cases, some hackers will simply add a subtle character or two and hope that your workers don’t notice the difference before they head to malicious sites.

Since these e-mails are coming from actual domains, they can slip through spam filters to reach your inbox. It may seem simple, but diligence and attention to detail can make all the difference in spotting a spoofing attack.

The best security system is only as strong as its weakest link, and in the IT world, the weakest link is most often the people themselves. The most robust software filtering solution will be meaningless if your employees are careless about passwords and access management.

Any worker on the company network should be trained in recognising and correctly dealing with spoofing and other cyber attacks. Creating a strong human defence against such tactics will be a massive step towards improving your cyber security.

Better trained employees can be held accountable for their errors, as they fully understand the gravity of their responsibility. While creating a secure cyber culture in your office may seem time-consuming and difficult, it will pale in comparison to the headaches caused by a successful cyber attack.

Many modern companies are incorporating gamification into their cyber training to help incentivise employees. Risk scores, awards and responsive modules can all help to ease the transition to a more secure digital workplace.

CloudFilter by Mailprotector

While training your workers is a critical step in buffing your security, that doesn’t mean there is no need for a software solution as well.

Powerful filtering tools like CloudFilter can scan for harmful or offensive content and hold the e-mails for user review, while letting trusted e-mails through to your inbox. Users can preview the HTML content of a message and decide if it is safe to open.

To avoid false positives, CloudFilter sends users a notification and they can then check that the message is safe and legitimate, and, if it is a regular and trusted contact, users can whitelist the sender to save time in the future. You can even schedule your notifications for certain times of day to review your inbox at your convenience.

With state-of-the-art analytics, users never have to worry about losing track of where their filtered messages ended up, or why.

Statistics display the reason for the message’s filtering, so you can easily understand what you’re looking at instead of trawling your inbox for information. Geographic information, timeline of the message and security scores are just a few of the ways CloudFilter keeps your data safe.

CloudFilter is compatible with Microsoft Office 365 and can be strengthened further with other Mailprotector products.

We try to keep you up to speed with what is happening through our MSP Responder blog, eBooks like the one we did on ransomware prevention, and insightful pieces we put together like 'Selecting the Right Anti-Phishing Provider'.