Email Spoofing

Did you know you don't need to have an operational email for cybercriminals to start sending spoof emails with your domain?

Have you seen suspicious emails sent with your company’s domain? Emails that you are certain did not originate from you or your team.

This is email spoofing at work.

Spoofing is the act of disguising something so that it appears true or correct.

The objective here is to dupe recipients into opening the email, or a link in it, and downloading a piece of code. The code could be a worm, Trojan Horse, ransomware, etc.

Why is Email Spoofing so pervasive?

Email spoofing has been on the rise because of its ease of deployment and high success rate.

Firstly, it is technically easy to generate a fake email.

Secondly, inherent flaws exist in current email protocols.

The Simple Mail Transfer Protocol (SMTP) used by mail servers does not authenticate incoming email addresses. Without authentication, fake emails can easily pass through these servers and land in the users’ email boxes unchallenged. Understanding this technical weakness, cybercriminals are able to send spoof emails to unsuspecting victims.

Emails are usually trusted, especially from known counterparties (suppliers, clients, software that you subscribe to, banks, etc.) and from authorities like our bosses, IT department, etc. With this high element of trust and low cybersecurity awareness, we can be easily duped and become unsuspecting victims.

Why does email spoofing matter?

Email spoofing matters as it can cause significant problems, directly or indirectly.

If you are the target of the email, you bear the brunt of any malicious deception. It could cause work to come to a standstill, reduce productivity and increase costs. If the malware is ransomware, you will be denied access to your application until a ransom is paid.

If you are not the final target, but merely a conduit to another target, a larger nightmare could be unleashed if a suit is brought against you by those affected by your emails. Not only must you fix and improve your cyber posture, but you must also resolve matters with affected parties.

Things get hairier if personal data is involved. Depending on the scale of the data breach, regulators will first step in, followed by the media. When this happens, the scope of the mess widens as more needs to be done.

Is email spoofing a serious threat?

The COVID-19 pandemic forced companies to have their employees work remotely from home. This remote arrangement makes it easier for cybercriminals to carry out their nefarious plans. Employees are more likely to fall victim, as they do not have the convenience of checking with their colleagues whether the email is a fraudulent one. 

Hence, the need to protect your business against email spoofing becomes more pressing than ever.

How do I protect my business from Email Spoofing?

Users and businesses can prevent spoofed email from accessing their systems in a variety of ways. There are 3 main mechanisms to deter cybercriminals from spoofing your domain.

Firstly, domain owners whitelist all servers that send out emails for their domain in a lookup record. In this manner, servers receiving an email can verify its origin. Emails not from this approved list will either be blocked or sent to the spam folder.

An additional and recommended defense is to deploy a private and public key authentication mechanism. The mail is encrypted with a private key and the recipient decrypts the mail with a public key. This ensures that the email header info has not been altered as it moves from one mail server to another.

Finally, we have an overall conformance report, known as a Domain-based Message Authentication, Reporting, and Conformance report, or DMARC report for short, which brings everything together for a single view of email nonconformance.

Set up in the Domain Name System (DNS), it allows domain owners to understand the state of email traffic bearing their domain name on the Internet. Any potential email spoofing at work will be picked up. It also gives domain owners a view of the origin of all emails, both authorized and unauthorized.

The report also helps mail servers understand how they should treat incoming emails.

While other security mechanisms can be added on to further strengthen the authenticity of emails, the above three should be the baseline security enforcement for all domains.

Conclusion

With the above mechanisms put in place, domain owners will now have an understanding of all domains that are sending emails with their domain name. They can also have a view of fraudulent activity happening with their domain.

The mechanism will generate a report. The report will also provide a view of messages, whether they pass or fail authentication checks at the receiving mail servers. This gives you an opportunity to take corrective actions. This helps with email deliverability (i.e. less mail landing in a spam folder).

The layers of checks deployed make the job of any cybercriminal trying to spoof your email a lot tougher. This mitigates the risk of getting into legal trouble with any recipients receiving emails with your domain.

A brand and its reputation are important to its owners. In this Internet age, news about brands travels fast and far. They can create problems for the company if the news works against the company.

No business owner likes to hear anything bad about their brand as bad news creates friction for their brand and business. Early knowledge of what’s happening with their brand is crucial. If there is any adverse news affecting their brand, they would want to be the first to know, so they may take necessary actions to resolve the matter before it gets out of hand.

With reports being generated, brand owners can now take quick containment actions.

No brand owner would want to see their brand in a bad light in the press, on social media, or on forums.

If you need help to protect your domain and brand, do drop us a note for a non-obligatory discussion.