Cybercriminals are becoming increasingly adept at making the emails you receive look legitimate by impersonating companies or public bodies, often simply by subtly modifying the sending address.

And when you’re inundated with emails, you’d be surprised how easily you could be persuaded to click on malicious links or attachments. Be aware that it takes only a single fake email to infiltrate your entire business. So make sure your whole team knows the risks and how to avoid being tricked.

 

What is email spoofing?

Phishing refers to techniques used by criminals to trick and manipulate people into handing over their personal data. Email spoofing is just one example.

Email spoofing is the sending of emails designed to make it appear that they come from someone other than the real sender. Sometimes a general email may be sent to an entire workforce. Other times a single, very precise email is sent to one person, which is called spear phishing.

In both cases, however, the objective is exactly the same: to trick the recipients into taking an action that benefits the sender. In this way, the attackers obtain the credentials or passwords they need and can then have unlimited access to our data.

 

What kind of actions are you usually asked to take in a spoofing email?

  • Clicking on a malicious link.
  • Transferring funds.
  • Opening an attachment.
  • Providing login credentials.
  • Sharing sensitive personal or financial information.
  • Following a link to a hacked website.

Each of these actions has the potential to cause real damage to your business, both financially and reputationally. Protecting yourself against email spoofing is therefore very important. And, fortunately, there is a lot you can do to keep your business safe.

 

Keeping you protected

When it comes to security, your business is only as strong as its weakest link. Therefore, one of the best ways to stay safe is to invest in cyber awareness training.

No one is spared. From interns to the manager or president, employees need to learn what to look out for. The warning signs that can help you are:

  • Language that conveys urgency (“you must click here now”).
  • The sender’s name does not match their email address.
  • Poor spelling and grammar.
  • Requests from people you would not normally receive them from.
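Two of these signs, a sender name that does not match the address and urgent wording, can also be checked automatically. The Python sketch below is an added example, not part of the original article; the phrase list, the label names, the `known_senders` mapping and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed phrase list for this example; extend it for your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|right away|click here now)\b", re.I)
# An email address typed into the display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]+")

def warning_signs(raw_message, known_senders):
    """Return the warning signs found in one raw message.

    known_senders maps a name as it appears in the display name (lowercase)
    to the domain that sender really uses.
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []

    # Display name shows one address, the message comes from another.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        signs.append("display-name-address-mismatch")

    # Display name claims a known sender, the domain is not theirs.
    for claimed, real in known_senders.items():
        if claimed in name.lower() and domain != real and not domain.endswith("." + real):
            signs.append("known-name-wrong-domain")
            break

    # Urgent wording in the subject or a plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgent-language")
    return signs

# Constructed sample messages (not real mail).
KNOWN = {"example bank": "examplebank.test"}
SPOOFED = ('From: "Example Bank Security" <alerts@examplebank-secure.test>\n'
           "Subject: Urgent: verify your account\n\nYou must click here now.\n")
LEGIT = ('From: "Example Bank" <news@mail.examplebank.test>\n'
         "Subject: Your monthly statement\n\nYour statement is ready.\n")

if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT):
        print(warning_signs(sample, KNOWN))
```

A check like this only flags messages for a closer look; it does not replace the training described above.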

 

In addition to training, employees can use email signature certificates. This is basically a certificate that is attached to every email sent, thus confirming the identity of the sender. If everyone in the organisation has one, suspicious emails should attract a lot of attention.

It is important not to underestimate phishing emails. As the workforce grows and the world opens the door to flexible working, you will rely on email more and more, giving cybercriminals more opportunities to attack.

Another way to help your employees stay protected against this type of email is to make sure that your firewalls are activated. This will give you that extra line of defence at no cost.

Also, encourage your team to keep their devices up to date. It can be easy to put off updates until later, but keeping up to date is an essential tool in the fight against email spoofing.

For more help and guidance, you can consult the INCIBE website. If you would like us to advise you on acquiring any cybersecurity measures, please contact us here.