One day Judy, head of the finance department, receives an email from her boss asking her to transfer $100,000 to a bank in Hong Kong for a supplier. Her boss has often asked her to make such transactions, and the request does not appear unusual, so Judy goes ahead and transfers the money.
A few days later, the supplier calls to arrange his payment, which shocks Judy because she thought she had already transferred the money to him. When she consults her boss, she finds out that he never sent her any email about the transfer. On checking the message, they realise it was a spoofed email sent from an address that looks very similar to the boss's, differing by only one letter.
Does this sound familiar? Spoofing attacks of this kind have been reported all over newspapers and business journals, and yet people are still falling for them.
How can you protect yourself against it?
There are 2 types of email spoofing:
1. Your email address is used directly (email@example.com) to send email to everyone.
2. The hacker registers a domain and sets up an email address that looks very similar to yours (firstname.lastname@example.org). Notice the small difference?
Whoever receives the email will think you sent it and start following the instructions inside it: transfer money, send confidential files, hand over passwords, etc.
So how do you go about protecting your company from such attacks?
An SPF record is an entry added to the DNS zone for a domain. It tells receiving mail servers which servers are permitted to send mail for your domain, so that messages forged in your domain's name can be rejected. This method works only for the first type of spoofing listed above: it stops the attacker from sending email using your email address directly.
One tell-tale sign that your email address is being spoofed directly is when you start receiving a lot of bounce messages for emails you never sent. When that happens, go ahead and set up an SPF record to stop the hacker.
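To show how a receiving server actually uses that record, here is an added Python example written for this post (not part of the original article or of any Blazon product). It evaluates a constructed SPF record for a hypothetical example.com against the IP address of a connecting sender; only the ip4, ip6 and all mechanisms are implemented, since include, a and mx require DNS lookups.

```python
import ipaddress

# Constructed example record for example.com (hypothetical addresses):
# mail may come only from two netblocks; "-all" asks receivers to reject the rest.
EXAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms.

    A missing qualifier means "+" (pass). Terms such as include:, a or mx
    are returned but ignored by check_sender(), which keeps this offline.
    """
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms


def check_sender(record, sender_ip):
    """Return the SPF result for sender_ip: pass, fail, softfail or neutral.

    Mechanisms are tried in order; the first match decides the result.
    If nothing matches and there is no "all" term, the result is neutral.
    """
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            return results[qualifier]
        if name in ("ip4", "ip6"):
            # A bare address (no /prefix) is treated as a single-host network.
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return results[qualifier]
    return "neutral"


if __name__ == "__main__":
    # Legitimate mail server versus an unrelated host pretending to be example.com
    print(check_sender(EXAMPLE_SPF, "203.0.113.25"))   # pass
    print(check_sender(EXAMPLE_SPF, "198.51.100.7"))   # fail
```

A record ending in "~all" (softfail) lets forged mail through with a mark rather than rejecting it, so once you are sure every legitimate sending server is listed, "-all" is the setting that actually stops the spoofing described above.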
The second type of spoofing is harder to defend against because it relies on human error; however, that does not mean it cannot be done. You will need to implement a security policy for employees to follow. One such policy is to have the employee call the sender to confirm that the orders and instructions in the email are correct. Considering that the number of emails sent and received every day can reach into the hundreds, this policy is not really practical for most companies.
A more convenient approach is to have everyone send important emails only via secured email encryption. With our Total Email Compliance, these emails are automatically encrypted when you send them, and only the intended recipient is able to open them. Before anyone opens the email, the server will already have verified that it was really sent by you, reducing the risk of someone spoofing you. And because you can use secured email encryption for your external emails too, your customers will not make the mistake of transferring money to the wrong person, as Judy did.
At Blazon Technologies, we specialise in protecting our clients' environments and data, ensuring they can keep running their business even if disaster strikes. To find out how we can help you with your security and protection, contact us for more information.