
Spoofing: an easy way to get hacked

Brett Harney Business Continuity / Disaster Recovery


The first thing you want to do is determine whether your account has been compromised by a virus, malware, or a spammer, or if you are just being spoofed. Email spoofing is when the sender of an email, typically spam, forges (spoofs) the “From” address in the email header so that the message appears to come from a legitimate email address that is not the spammer’s own. The “Reply-to” field may also be altered.

The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems, and sometimes pose a real security threat.

Want to be prepared in case your company becomes compromised? We have you covered! Corporate Technologies Group can help you implement a Disaster Recovery/Business Continuity plan, so that in case of a virus or malware attack you will have a plan to fall back on and your business can keep operating. Want to learn more about Disaster Recovery?


Reasons for Email Spoofing:

  1. Hiding the sender’s true identity – though if this is the only goal, it can be achieved more easily by registering anonymous mail addresses.
  2. Avoiding spam blacklists. If a sender is spamming, they are bound to be blacklisted quickly. A simple solution to this problem is to switch email addresses.
  3. Pretending to be someone the recipient knows, in order to, for example, ask for sensitive information or access to personal assets.
  4. Pretending to be from a business the recipient has a relationship with, as a means of getting a hold of bank login details or other personal data.
  5. Tarnishing the image of the assumed sender, a character attack that places the so-called sender in a bad light.
  6. Sending messages in someone’s name can also be used to commit identity theft. This happens when requesting information from the victim’s financial or healthcare accounts.


Here are 5 ways you can check to see if you are being spoofed:

  1. If you know the sender of the email, verify with them via a phone call.
  2. If the email doesn’t seem right, do not reply to it or download any attachments.
  3. Always check the sender’s email address. If it is from someone at Corporate Technologies Group, it would use the syntax of (first letter of first name) (last name) (at sign) (dot)net.
  4. If the email is asking you for money, gift cards, or any kind of cryptocurrency, then you are probably being spoofed.
  5. Always ask! Ask your dedicated IT person whether this is the real deal, or if you are being spoofed.
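
The header checks described above (a forged “From” address, an altered “Reply-to”) can also be run against the raw message source. The following Python code is an added example, not part of the original post; the sample message, the example.net and example.org domains, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Pat Jones" <pjones@example.net>
Reply-To: "Pat Jones" <pat.jones.office@example.org>
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.net
To: you@example.net
Subject: Quick favor - gift cards

Are you at your desk?
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signals(raw_message, expected_domain):
    """List reasons this message's sender headers look forged."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    if from_dom != expected_domain.lower():
        findings.append(f"From domain {from_dom!r} is not {expected_domain!r}")
    # Replies silently going to another domain is the classic Reply-To trick.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To goes to {reply_dom!r}, not {from_dom!r}")
    # Weak signal on its own: legitimate mailing services also differ here.
    return_dom = domain_of(msg["Return-Path"])
    if return_dom and not (return_dom == from_dom or return_dom.endswith("." + from_dom)):
        findings.append(f"Return-Path domain {return_dom!r} differs from From")
    # Trust only the Authentication-Results header added by your own mail server.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in results:
            findings.append(f"{check.upper()} did not pass")
    return findings

if __name__ == "__main__":
    for finding in spoofing_signals(SAMPLE, "example.net"):
        print("-", finding)
```
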

Here are some “best practices” when it comes to your email security:

  1. Change your password frequently.
  2. Avoid using your primary business email account for everything online.
  3. Only use your primary business email to communicate with people you know or trust.
  4. Don’t open PDFs or other attachments if you don’t think the sender is legit.

Read our DRaaS WhitePaper to get the full scoop on the different threats and how you can avoid or overcome them. Contact us today for more information.

* Information from Lifewire