Have you ever received an email where...you just couldn't quite tell if it was real? Your heart began to beat just a little faster as you decided if you should click on the link. I mean, on the one hand, it was from your boss. On the other, it was your boss asking you to click on a certain link to order gift cards for the company. That doesn't sound like Cheryll, she's more of a personalized gift person, but still...it's an email from your boss. You should open it! You should follow the directions! Right?
When you find yourself weighing these options, you are exactly where hackers want you: unsure. And when we are unsure, sometimes we make split-second decisions, the outcomes of which can be catastrophic. Still, we are bombarded with emails daily. Who has the time to be hyper-vigilant constantly? There's work to be done. In this blog, we'll show you the ins and outs of email spoofing, plus how to better detect and handle a malicious email to protect you and your company.
What does email spoofing mean?
Email spoofing is the modification of email headers so that a message appears to have been sent from someone or somewhere other than the actual source. Basically, it's an unsafe email made to look totally innocuous. Spoofed emails may also contain malicious attachments, which can affect your computer security by allowing malware such as Trojans and spyware to enter your system.
Spoofing is a form of cyber fraud performed by forging an email message in such a way that it appears to come from another address or to be sent earlier than the actual time. A typical example of this would be a hacker sending an email from what appears to be your company's domain name with a link to a malicious website. Since your company's domain (for example bemopro.com) is familiar to you, you might not think twice about opening a link coming from an address at your domain, but thinking twice might be good protocol these days.
Email spoofing has become one of the most common methods used by cybercriminals to trick unsuspecting users into visiting websites designed for phishing and other forms of cyber attack.
Where did email spoofing originate?
Email spoofing was originally developed by hackers who needed to bypass IP address filtering which lets you control what IP traffic will be allowed into and out of your network. Since then, it has become a way for cybercriminals to socially engineer people into revealing their personal information, including passwords and other sensitive data.
Many experts believe that email spoofing originated with the Morris Worm of 1988, which was widely maligned for sending out spam emails. Early forms of email spoofing were not evident until 1999 when internet criminals started using email spoofing to send out malicious links and phishing scams.
Detecting email spoofs can be difficult, especially when they originate from a source with a valid domain name (amazon.com, chase.com, etc.). However, there are ways you can determine whether an email originated from another computer or was forged by someone else. Here are some tips for detecting emails that have been forged:
Look at the address in your "From" field and see if it matches the actual sender's address. Unfortunately, this isn't foolproof because the attacker might use a compromised mailbox located within the company's email server rather than using their own personal email account. If you notice an email coming from a non-existent e-mail box, that's always a dead giveaway. Also, check the email header. If this has been forged, you will likely see a number of inconsistencies in the "Received" fields.
Also, check the "To" field to determine if there are any obvious misspellings or incorrect nouns. Make sure you're sending your replies to an actual email address as well. The best method for determining email authenticity is by directly contacting the sender through a different channel such as by phone. You can also use free tools like MxToolbox, which can help you verify whether specific domains support PTR (pointer) records and SPF (Sender Policy Framework) records. These tools should give you enough information to determine whether or not the sending domain is legitimate.
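As an added example (not code from the original post), here is a small Python check for the header inconsistencies described in the tips above: it compares the "From" domain with Return-Path and Reply-To, reads the SPF/DKIM/DMARC verdicts your own mail server records in the Authentication-Results header, and flags "Received" hops with no PTR record. The sample headers, the domains and the `mx.example.com` server name are constructed, and the "unknown" PTR marker assumes a Postfix-style Received line.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not a real message); every name, domain and IP is made up.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Received: from mail.example.net (unknown [203.0.113.45])\n"
    "\tby mx.example.com with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;\n"
    "\tdkim=none; dmarc=fail header.from=example.com\n"
    "From: Cheryll <cheryll@example.com>\n"
    "Reply-To: cheryll.ceo@freemail.example.org\n"
    "Subject: Gift cards needed today\n"
    "\n"
)

def domain_of(value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_mx="mx.example.com"):
    """Return a list of header inconsistencies worth a second look."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # The visible From is free text; Return-Path and Reply-To show where
    # bounces and your replies would really go.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own mail server
    # (trusted_mx is an assumed name); a sender can forge any others.
    for ar in msg.get_all("Authentication-Results", []):
        if ar.split(";")[0].strip() != trusted_mx:
            continue
        for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar):
            if result != "pass":
                findings.append(f"{check}={result}")
    # Assumption: the receiving server writes "unknown" when the connecting
    # IP has no PTR record (Postfix-style Received line).
    for hop in msg.get_all("Received", []):
        if re.search(r"\(unknown \[", hop):
            findings.append("Received hop has no PTR record")
    return findings

if __name__ == "__main__":
    print("\n".join(spoof_indicators(SAMPLE)))
```

An empty list does not prove a message is genuine: a message sent from a compromised mailbox inside the company passes every one of these checks, which is why confirming through a different channel still matters.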
This video gives you a little more insight into how to spot a spoof:
What to do if your email is spoofed
Imagine you’re working one day, and you receive an email from your HR manager asking you to update your personal info for a new HR program they've purchased. In the email is a link to a website that looks legit, so you put in your personal info like your name, address, phone number, and even your social security number. About a week later, your Credit Karma app sends you a notification letting you know that you just applied for 3 credit cards and an auto loan. What happened?! Turns out the email you received a week prior wasn’t actually from your HR manager, it was from a hacker pretending to BE your HR manager.
There’s no denying it, spoofed emails are pretty dangerous. They can lead you to malicious websites designed to steal your personal information or infect your computer with malware using backdoor Trojans. Unfortunately, once you've been compromised, it's difficult to determine exactly where the attack originated.
If you receive an email that looks suspicious or has strange links in it, report it to your IT administrator immediately and do not open any of the links within. If clicked, these links may take you to sites designed for cyber-crime. Reporting it to your IT administrator ensures they can take measures to prevent future attacks from happening by updating your company’s email policies and by increasing security for both incoming and outgoing mail.
But Josh, I already clicked on a link from a spoofed email. What should I do now?!
If you've already clicked on a link in a spoofed email and suspect that your computer has been compromised, one of the first things to do is to use a virus scanner such as Windows Defender to ensure your computer isn’t infected. If any other computers at your company were also hacked, they should follow the same steps. Something that is increasingly common is for the virus to hide in external drives you may have attached to your computer. The virus scanner might even be able to detect this drive and give you a log of instructions that can help remove the malicious software from your PC.
How to tell if an email was spoofed
Unfortunately, you can't really determine whether or not your email address has been spoofed. If your email address was compromised as part of a data breach, it's likely that hackers have already used it for phishing scams and other cyber attacks. There is no surefire way to know if someone is using your email address without asking the email provider for details about any active logins from IP addresses located outside of your local area.
However, if you start receiving confused email responses from your employees, clients, or friends, then it's a safe bet that someone has spoofed your email address, and has been hard at work sending out malicious emails. In order to prevent any further damage from being done, be sure to contact your IT staff as soon as you can so they can take measures to block the email address from sending any more messages while you get things back in order.
Don't have an IT staff? BEMO provides Managed IT for just that reason. Let us be your IT team so you can get back to work.
How to stop spoofing emails from my email address
So, now you're probably asking yourself how to ensure that YOUR email address isn't spoofed? Well, there are a few best practices which include:
- Don't use the same password for multiple accounts
- Use a strong, hard-to-guess password
- Change your password regularly
- Enable multi-factor authentication on your email account
Unfortunately, even with these enabled, you're not 100% safe from being spoofed, but you are going to be WAY better off than you were before.
If you’re rather tech-savvy, then you can follow our 5-part Total Email Security Guide to enable the most common email security features within Microsoft’s Exchange Online. Keep in mind that you'll need a special license called “Defender for Office 365” to enable these security features.
If you're still feeling uneasy and would rather someone else handle your email security for you, feel free to book a meeting with me below, and we can go over all of the various cybersecurity offerings we have at BEMO.