One day Judy, head of the finance department, receive an email from her boss, asking her to transfer $100,000 to a bank in Hong Kong for a supplier. Her boss has often asked her to do such transaction and it does not appear to be an unusual request, so Judy go ahead and transfer the money over.
Until a few day later, the supplier call and arrange for his payment which shocked Judy as she thought she has already transfer the money to him. Consulting her boss, she then found out that the boss has never send her any email for the transfer. Upon checking the email, they realize the email was a spoofing email that looks very similar to the boss’s email except for 1 letter.
Does this sound familiar to you? This kind of spoofing attacks have been reported all over newspaper and business journal and yet people are still falling for it.
How can you protect yourself against it?