Are you aware that someone can put any name or address they want in the “from” field on an email, just like they could on a piece of physical mail? This very common hacking technique, known as “spoofing,” is often employed by hackers when trying to get you to open malicious emails.
When do hackers use spoofed emails?
Because email spoofing is a central part of many of the most pervasive cyberattacks, like spear phishing, it’s important that your staff know how to identify those fraudulent messages, as an ounce of prevention can help you avoid significant financial damage.
Your team can use these strategies to identify a spoofed email.
See a huge screen of confusing technical information? Don’t worry! We only need to check on small part of this screen to see if the message is legit.
Scroll down and look for the “Received” field. Does the domain name there correspond with the name in the “From” field in the email? If not, then you’re looking at a spoofed email.
The reason spoofing is possible is because the protocol that email is based on, Simple Mail Transfer Protocol (SMPT), which was designed way back in 1981, doesn’t provide authentication records.
Thankfully, there have since been updates to email system, such as Sender Policy Framework (SPF) records and Domain Key Identified Mail (DKIM), both of which can help your email server authorize and validate incoming messages.
If you’d like help securing your email accounts against spoofed emails, or a customized cybersecurity training solution to teach your employees the last email security best practices, the Complete Network team is here to help! Contact our friendly team any time at (877) 877-1840
We know that the first step toward better IT support is to research your options. We’ve put this guide together to aid you in that process.
It’s designed to give you an overview of our organization, so that you have the key information you need to evaluate our service fit.
This guide covers:
Download it for free by filling out the form here.