Email spoofing: Is it time to say no to email impersonation attacks?

Email spoofing is a malicious tactic used by cyber-criminals when conducting phishing attacks. It involves spoofing legitimate email addresses in order to pose as an individual or brand of trust. Cyber-criminals often masquerade as business owners, accounts departments or a person of authority within an organisation. The main aim of these malicious attacks is to coax the recipient into downloading malware, clicking on a malicious link or disclosing sensitive information such as passwords or financial details. Although some of these attacks may be identified and blocked by security filters, they are often mistaken for genuine emails and subsequently land in an employee’s inbox.

Email impersonation scams are a key cyber-threat to businesses across the UK, a 2017 study discovered that 30,000 spoofing scams are conducted each day. If you have ever received an email from a ‘legitimate’ sender, which you later discovered was false, you have already fallen victim to an email spoofing attack. Unfortunately, email impersonation is not a difficult tactic to implement, there are many easily accessible tools which allow bad actors to convincingly spoof your business domain. Although many businesses class their domain as their private intellectual property, the reality is, your brand can be easily imitated if you don’t implement the necessary security measures.

Do email providers prevent spoofing by default?
The reason these scams have a high success rate is because the recipient readily trusts the information in the header of the email. Despite the huge dependency on email accounts for businesses and individuals across the globe, email providers have still not been able to prevent email spoofing attacks. To this day, the protocols which underpin our email accounts are not able to automatically verify and validate the senders identity. When you send an email, there is no standard verification process to check that you are authorised to send emails from that domain. In other words, as long as the recipients details are valid, the server will accept and process the email without flagging anything suspicious.

Examples of email spoofing attacks

Although there are many different forms of spoofing attacks, they all rely on the recipient taking things at face value. If you are never cautious before clicking on links in emails or verifying the identity of the sender, you are far more likely to fall victim to an email impersonation attack.

  • Office365: As an Office365 user, you may receive an email from the Microsoft support team saying: ‘Your password has expired, please click here to re-set within 24 hours to maintain access’. Since you are not suspicious about the legitimacy of the email you click on link and reset your password. However, the email was actually sent by an online criminal who had spoofed their email account. By masquerading as a familiar and trusted brand, they now have access to your Office365 suite and any other associated applications which store your critical data.
  • Targeting your suppliers: Sophisticated spoofing attacks often involve thorough research into your company and the suppliers you work with. Hackers impersonate trusted suppliers, such as a courier service you frequently use to ship high-value goods. The email may claim there was an issue with your delivery and that you must follow a link to log in and confirm re-delivery. Once you follow the link, malicious software is downloaded onto your device and your systems are at the mercy of cyber-criminals.
  • CEO spoofing: This form of spoofing attack can be extremely harmful if conducted convincingly. For instance, hackers often try and pressure accounts teams to load unauthorised bank transfers for large sums of money, share bank card details or give admin credentials to access corporate accounts. They use a sense of urgency to cloud judgment and pressure employees into reacting quickly.
Thankfully, there are ways that you can protect your domain from email impersonation attacks.

If not addressed, the impact of email spoofing can have long term effects on your business. This can lead to reputational damage, lack of brand trust and an increase in cyber-risk for both you and your suppliers. After all, your employees are far more likely to click on a phishing link or disclose sensitive information when the sender and domain appear legitimate.

Although this may sound a little doom and gloom, there are ways to protect your business from email spoofing. By deploying anti-spoofing controls such as DMARC, SPF and DKIM, you can reduce the risk of your domain being used for spoofing scams.

  • What is DMARC? DMARC is an email protocol which determines the legitimacy of an email, it allows ISPs to filter and block domain spoofing and phishing attacks by identifying unauthenticated emails. If DMARC is not deployed, anyone can send an email directly to your customers pretending to be you.
  • Products such as Redsift’s ONDMARC, not only reduce the risk of spoofing, they also provide in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation.
  • Awareness training and reducing your digital footprint: As well as deploying DMARC, it is also important to offer employee awareness training and reduce the amount of publicly available information online. Hackers depend on your website, social media and supplier websites to help devise targeted phishing campaigns. By reducing your digital footprint, you reduce the leverage which can be used against you during phishing attempts. This message needs to be communicated to all departments to help promote a culture which is built around strong data security.

Would you like to find out whether your domain is secure?

If you would like to chat to a member of our team you can call us on 0121 663 0055 or email zoe@equilibrium-security.co.uk