Post #1 in threat types
Crooks send fake email so they can take other people’s money. Regardless of the text inside the email, the intent is some variation on unfairly taking other peoples’ money.
The word “spoof” means falsify, as in falsify the return address in the email. If you or a co-worker get fooled, you could lose so much money that your business collapses. Even if that doesn’t happen, your reputation could suffer.
This post offers several benefits:
- Gain authority over hacker activity
- Freedom from fear
- Increased confidence about your digital devices
If you suspect a message is fraudulent, DO NOT click any link in the message. Do not provide any information that is requested.
You may be wondering why email problems happen so often. The basic email functionality—its protocols—were designed many years ago by technicians who were not thinking about criminals. Trying to fix this from the ground up would be a huge upheaval on the internet.
You’ve heard about people going out of business because they were tricked, right? Or being fired for letting down their guard? Don’t wait for the worst to happen. A little knowledge makes a big difference.
Your first line of defense against spoofed email is probably common sense. For example, let’s say you get email from your co-worker Fred, who is out on vacation for a week. But the email doesn’t mention that. It just says “Hey take a look at this attachment.” Doesn’t that seem a little bit odd?
In addition to intended theft, there is another type of crime in every fake email you receive: Forgery. The spoofed email shows a forged return address.
“We surveyed 10 technology leaders and found that spoofing is seen as the top email threat for 2019.”
—Jeff Woods, owner, Realize Information Technology
An email-use training program at your place of work can be very effective. Be sure to offer people a way to remember to daily use their training. Now, give yourself a nudge to read over these tips. Talk to your IT staff about it.
Wouldn’t you like to feel more confident blocking this problem? Let’s get started.
Going into the technical details of email authentication methods and spam blocking probably would not help you, so here is a basic list for anyone who wants to do their own research: SPF (Sender Policy Framework), Sender ID, DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance).
- Always keep your operating system (OS) and anti-virus software current with security updates and patches.
- If you are not expecting an email message, assume it is bad and delete it. If you strongly feel it may contain important information, ask a co-worker or manager.
- Check the “From” address. A familiar name may show up, while the actual email address does not match the message. This is a spoof and should be deleted. Some fake messages may go so far as to show familiar logos.
- Never click on an internet link in any email. Open a web browser and directly go to the known good address.
- Always scan attachments with your anti-virus software before opening them.
Your IT staff can make changes to your email service settings to help block deceptive emails coming into your organization and put other email services on notice as to what a legitimate email coming from you should look like. This is done by adding SPF, DKIM and DMARC DNS records to your company’s domain name.
To protect users from spam, big mail like GMail providers adopt white-list practice. ISP provider networks used for mobile internet users or home internet often block by “ASN identifier.” These practices reduce bad email before it ever arrives in your inbox.
Infographic © SDN Communications 2019. All rights reserved.
Feature photo by Jefferson Santos on Unsplash