From holiday scams and data leaks to CEO phishing, we have covered quite a few topics on how to protect yourself, your employees and your business against scammers trying to steal your identity and hard-earned money. Some scams are new and innovative while others, like spoofing, are tried-and-true tools that prey on human nature to gain unauthorized access to your workstation, data, or personal and financial information.
According to a study by McAfee Labs, 80% of business users failed to spot a malicious email. Recently, we’ve heard from several customers about “spoofing” attempts. Email spoofing is a technique commonly used in spam and phishing to hide the origin of an email message. By changing certain properties of the email, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the email appear to be from someone other than the actual sender. In fact, scammers “spoof” because they know you are more likely to welcome and take action on an email from a familiar party (family, friend, vendors like PayPal, Amazon, QuickBooks, etc.).
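The header fields named above can be compared programmatically. The following is an added example, not code from the original article: it parses a raw message and reports where the Return-Path, Reply-To or From display name points at a different domain than the From address. The function names, the sample messages and every address in them are constructed for illustration, and the subdomain rule in `related()` is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail); every address and domain is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "billing@vendor.example" <accounts@lookalike.example.org>
Reply-To: payments@freemail.example.com
Subject: Invoice overdue

Please pay today.
"""

# Constructed sample of consistent mail: bounce address on a subdomain of From.
CLEAN = """\
Return-Path: <bounce@mail.vendor.example>
From: Vendor Billing <billing@vendor.example>
Subject: Receipt

Thanks.
"""

def domain_of(value):
    """Lowercased domain of the first address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """Simplified alignment (assumption): same domain, or one is a subdomain."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_findings(raw):
    """Return (header, its domain, From domain) for each inconsistent field."""
    msg = message_from_string(raw)
    from_values = msg.get_all("From") or []
    if len(from_values) != 1:  # a well-formed message has exactly one From
        return [("From", "missing-or-repeated", "")]
    from_dom = domain_of(from_values[0])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and not related(dom, from_dom):
            findings.append((name, dom, from_dom))
    # A display name that itself looks like an address on another domain.
    shown = re.search(r"@([\w.-]+)", parseaddr(from_values[0])[0])
    if shown and not related(shown.group(1).lower(), from_dom):
        findings.append(("From display name", shown.group(1).lower(), from_dom))
    return findings
```

A finding is a reason to look closer rather than proof of spoofing: mail sent on your behalf by a CRM, accounting system or website often carries a Return-Path on the sending service's domain.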
Spoofing is possible because email was structured to allow for many systems (your primary mail system, your accounting system, your CRM system, your website, etc.) to send your mail. This flexibility also produces the vulnerability to spoofing.
Part of the threat related to spoofing is that it is not executed using malware or a virus, meaning that there is very little to detect, and so software and hardware protections are not entirely effective in filtering out this kind of email.
How to identify a spoofed email
There are a number of ways in which you can quickly and proactively identify a spoofed email before acting on it. Here are some things to look out for:
- Absence of company logos and letterheads.
- Poor grammar and/or spelling.
- The body of the message is an image rather than true text.
- File attachments ending in: .exe, .zip, .bat or any other container-type of file.