Email remains one of the most vulnerable points of cyberattack for companies, yet many still underestimate the dangers of domain and email spoofing. Spoofing can be carried out by relatively unsophisticated attackers, who register a domain similar to a brand's or host a website intended to deceive customers or employees. Unfortunately, spoofing attempts can be convincing, and employees fall victim every day.
What is spoofing?
Email spoofing is a method used in spam and phishing attacks. It aims to make users think that a message has come from a person or company they trust by forging email headers. Most users do not look twice at an email header, and so they proceed to click on malicious links, send sensitive data, open malware attachments, or send corporate funds or information.
The fact that criminals can insert any sender's email address into a forged email is a flaw in the design of email. Most outgoing email servers cannot tell whether the sender address is legitimate or spoofed. While recipient servers and anti-malware software can filter spoofed messages, not every email service has these security protocols set up.
Email spoofing is not a new form of cyberattack: it dates back to the 1970s, when spammers used it as a method for getting around email filters. It became more common through the 1990s and firmly established itself as a major global cybersecurity issue from the 2000s. Although security protocols were adopted in 2014 to help deal with this problem, people still fall victim every day.
What are the different types of email spoofing?
There is no one-size-fits-all approach to spoofing; attackers exploit several different factors to spoof an email message and try to steal information. One of the most common types is brand name spoofing. In an age where we are bombarded with promotional emails and notifications from companies, you can see why. Brand name spoofing relies on the recipient being so familiar with a brand that they take the message at face value without suspicion: if it looks authentic, they are likely to go ahead and click on the links.
Domain name spoofing is another frequently used form. It mimics a legitimate domain name, and since many people do not inspect URLs carefully, many are caught out. By mimicking a page such as a login page, attackers can steal your credentials. It can be difficult to tell an original domain from a false one, since the difference may be just a single character.
The state of spoofing attacks
Employees are likely to interact with messages they believe come from trusted brands, which is what makes brand impersonation such a powerful social engineering tool. Almost all cyberattacks contain at least one element of social engineering, such as spoofing. 60% of brands have experienced impersonation fraud in the past 12 months. Attacks are also on the rise: brand impersonation has increased by more than 360% since 2020, and that figure is rising further in 2022.
While attacks are on the rise, with more companies receiving an increasing number of phishing emails, one of the biggest challenges is that employees struggle to recognise them. Almost half of employees will open an email they consider suspicious just to check whether it is important, 1 in 3 employees will click the links in a phishing email, and 1 in 8 employees will share the information requested in the email.
The consequences for companies that fall victim to email spoofing are potentially huge: financial loss, theft of sensitive data, and theft of intellectual property are just a few of them. Companies can also suffer damage to a reputation they have painstakingly built up, as well as disruption to operational activities following an attack. Some of these repercussions can be repaired; others cannot.
So how can companies protect themselves?
Companies can protect their email domains from being used for spoofing and phishing scams with DMARC (Domain-based Message Authentication, Reporting and Conformance). This email validation system builds on the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), tying their results to the domain shown in the message's From header and adding reporting, so that you gain insight into your email channel.
So how does it work? When a domain owner publishes a DMARC record in their domain's DNS, they learn who is sending email on behalf of their domain and gain control over what happens to mail sent in its name. Domain owners can ensure that visitors and customers only see emails genuinely sent by them, and recipients can tell whether an email originated from the domain and is legitimate.
DMARC protects a company's customers from phishing that abuses its brand, preventing brand abuse and scams, and it protects the company's own employees too. Another benefit is that, whereas companies used to gain insight only after an attack had occurred, DMARC reporting gives insight into phishing attempts as they happen, so that customers can be informed in advance of the incident.
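The following is an added example, not code from the original article or from Network Platforms: it shows how a receiving server uses a published DMARC record to tie SPF and DKIM results to the From header domain. The DMARC record, domain names and authentication results are constructed placeholders; no DNS lookups are made, and the organizational-domain shortcut (last two labels) is an assumption that stands in for a Public Suffix List lookup.

```python
"""Evaluate DMARC alignment from a published record and SPF/DKIM results.

All records, domains and results below are constructed for this example.
"""
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample record, as it would be published at _dmarc.example.com (TXT).
SAMPLE_DMARC_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
    "rua=mailto:dmarc-reports@example.com"
)


def parse_dmarc(record: str) -> dict[str, str]:
    """Split a DMARC TXT record into tag=value pairs and apply the defaults
    the specification prescribes (relaxed alignment, sp falls back to p)."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("a DMARC record requires a p= policy")
    tags.setdefault("adkim", "r")   # DKIM alignment mode: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")    # SPF alignment mode
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to the main policy
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain approximation: the last two labels.
    Assumption for this example; production code uses the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict mode needs an exact domain match; relaxed mode accepts the same
    organizational domain (e.g. mailer.example.com aligns with example.com)."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


@dataclass
class AuthResult:
    from_domain: str   # domain of the visible From header (what the user sees)
    spf_result: str    # "pass", "fail", "softfail", "none", ...
    spf_domain: str    # domain SPF was checked against (envelope sender)
    dkim_result: str   # "pass", "fail", "none"
    dkim_domain: str   # d= tag of the DKIM signature, "" if unsigned


def evaluate_dmarc(record: str, r: AuthResult) -> tuple[bool, str]:
    """Return (dmarc_pass, disposition).

    DMARC passes when at least one of SPF or DKIM passes AND its domain is
    aligned with the From domain. A message that merely passes SPF for some
    unrelated sender domain does not pass DMARC, which is what stops spoofing
    of the visible From address. On failure the published policy applies:
    p= for the organizational domain itself, sp= for its subdomains.
    """
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    is_org_domain = org_domain(r.from_domain) == r.from_domain.lower()
    return False, tags["p"] if is_org_domain else tags["sp"]


if __name__ == "__main__":
    legit = AuthResult("example.com", "pass", "mailer.example.com", "pass", "example.com")
    spoofed = AuthResult("example.com", "pass", "mail.example.org", "none", "")
    for label, res in (("legitimate", legit), ("spoofed From", spoofed)):
        print(label, evaluate_dmarc(SAMPLE_DMARC_RECORD, res))
```

The spoofed case is the one the article describes: the forged message may well pass SPF for the domain the attacker actually controls, but because that domain is not aligned with the From domain, DMARC fails and the published `p=reject` policy tells the receiver to discard it.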
Choosing solutions that use powerful anti-phishing technology can also help prevent email spoofing. The best solutions use AI that can identify when a message is attempting to impersonate a real person. These solutions often draw on hundreds of thousands of data points, which then undergo impersonation analysis. The algorithm checks whether a sender with the same name already exists in the organization but with a different address, cross-referencing fields such as the sender and the signature.
Such software will also check whether the sender is using a domain that resembles a known domain but follows a different mail-flow path. Analysis tools can simulate the action of a file or link in a sandbox environment, and the AI algorithm continually learns what is legitimate or malicious based on user activity.
What are some best practices I can adopt to protect against email spoofing?
There are several best practices you can adopt to make sure you do not become a victim of email spoofing. Do not follow a link in an email to reach a website that then asks you to authenticate. Make sure you know how to view email headers in your mail client: look for the Received-SPF section of the headers and check whether it shows a PASS or FAIL result.
If you feel an email may be suspicious, try copying and pasting the content into a search engine to see whether it has already been reported. Look out for bad grammar or spelling. Do not open attachments from sources you do not know, particularly if the email expresses a sense of urgency or danger. Common wording includes pending account closures, payment failures, or suspicious activity on your account.
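To show the header check described above in practice, here is an added example (not from the original article or Network Platforms) that reads the Received-SPF and Authentication-Results headers a receiving server adds, and flags the urgency wording the article lists. Both raw messages are constructed for the example, and the domains and addresses in them are placeholders, not real senders.

```python
"""Triage a raw email by its authentication headers and urgency wording.

The two messages below are constructed samples; the domains are placeholders.
"""
from __future__ import annotations
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed spoofed message: the visible From claims examplebank.com, but the
# receiving server (mx.example.net) recorded SPF and DMARC failures for it.
SPOOFED_MESSAGE = """\
Received-SPF: fail (mx.example.net: domain of billing@examplebank.com does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=examplebank.com; dkim=none; dmarc=fail (p=reject) header.from=examplebank.com
From: "Example Bank Support" <billing@examplebank.com>
To: employee@example.net
Subject: Urgent: your account will be closed

Please log in to confirm your payment details.
"""

# Constructed legitimate internal message with passing results for comparison.
LEGIT_MESSAGE = """\
Received-SPF: pass (mx.example.net: domain of it@example.net designates 198.51.100.4 as permitted sender) client-ip=198.51.100.4;
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net; dmarc=pass (p=reject) header.from=example.net
From: "IT Team" <it@example.net>
To: employee@example.net
Subject: Weekly maintenance window

The file server will be rebooted on Saturday at 02:00.
"""

# Urgency phrases the article names as typical of spoofed mail.
URGENCY_PHRASES = (
    "account will be closed", "account closure", "payment failed",
    "payment failure", "suspicious activity",
)


def spf_verdict(raw: str) -> str | None:
    """Return the first token of Received-SPF (pass/fail/softfail/neutral/none...),
    or None when the header is absent."""
    header = message_from_string(raw).get("Received-SPF")
    if header is None:
        return None
    return header.strip().split()[0].lower()


def authentication_results(raw: str) -> dict[str, str]:
    """Collect spf=, dkim= and dmarc= results from Authentication-Results headers."""
    results: dict[str, str] = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.IGNORECASE):
            results[method.lower()] = result.lower()
    return results


def from_domain(raw: str) -> str:
    """Domain part of the visible From address (what the recipient sees)."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()


def triage(raw: str) -> list[str]:
    """Return the reasons a reader should distrust the message; empty means none found."""
    reasons: list[str] = []
    verdict = spf_verdict(raw)
    if verdict is None:
        reasons.append("no Received-SPF header: SPF was not evaluated")
    elif verdict != "pass":
        reasons.append(f"Received-SPF verdict is {verdict.upper()}")
    results = authentication_results(raw)
    if results.get("dmarc") == "fail":
        reasons.append(f"DMARC failed for From domain {from_domain(raw)}")
    if results.get("dkim") in ("fail", "none"):
        reasons.append(f"DKIM result is {results['dkim']}")
    msg = message_from_string(raw)
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            reasons.append(f"urgency wording: {phrase!r}")
    return reasons


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGIT_MESSAGE)):
        print(label, triage(raw) or ["no concerns found"])
```

A PASS in Received-SPF only means the sending server was permitted for the envelope sender domain, which may differ from the visible From address; the `dmarc=` result in Authentication-Results is the one that confirms the From domain itself, so the triage reports both.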
Network Platforms has been advising our customers on security since 2003, and can supply and manage all the elements to ensure your business is in the best possible position to protect against the various methods of attack.