Email Spoofing - What Is It & How to Protect Yourself
- Author Steve Neuss
- Published April 29, 2022
Within days of being hired, a new employee in our accounting department received an email from our CEO asking them to place an order for much-needed equipment. Excited to be part of the team and eager to show responsiveness, our new champion almost fell victim to a growing type of cyberattack.
The email seemed appropriate and looked legitimate – we were just a few clicks away from being hacked and compromised by a spoofed email. This wasn’t the first time we received a suspicious message. In fact, cybersecurity experts say attacks are up 300% in this past year.
What is email spoofing?
Email spoofing is a technique used by hackers to trick you into thinking a message came from a person or organization you know or trust – most commonly your CEO or colleague, though often vendors or brands.
Can you tell the difference between paypal.com and paypaI.com?
Spoofed emails look legitimate, often creating a sense of urgency or a need for action. When a message pretends to come from someone in your organization, it is commonly a person of authority, but it could be a peer. When it claims to come from an external source, even the links in it take you to landing pages that look just like the real vendor's landing page (branding, logos, layout, etc.); put next to the real site, they look nearly identical.
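Both the paypal.com / paypaI.com lookalike and the fake-CEO message described above can be flagged from the From header alone. The Python code below is an added example, not part of the original article; the organization domain, trusted-domain list, executive name and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the article.
ORG_DOMAIN = "example.com"
TRUSTED_DOMAINS = {"example.com", "paypal.com"}
EXECUTIVES = {"jane doe"}  # display names an attacker might borrow

# Substitutions commonly used to imitate another letter (applied after lowercasing).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]


def skeleton(domain: str) -> str:
    """Fold look-alike characters so visually similar domains compare equal."""
    # Capital I imitates lowercase l, so map it before case is discarded.
    folded = domain.replace("I", "l").lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def check_from(header: str) -> list[str]:
    """Return the reasons a From header looks spoofed; an empty list means none."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2]
    findings = []
    if domain.lower() not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted):
                findings.append(f"lookalike of {trusted}")
    # A familiar name on an outside address is the fake-CEO pattern.
    if name.strip().lower() in EXECUTIVES and domain.lower() != ORG_DOMAIN:
        findings.append("executive display name from external domain")
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "PayPal Service <service@paypaI.com>",
    '"Jane Doe" <jane.doe@examp1e.com>',
    "Jane Doe <jane.doe@mail.test>",
    "Jane Doe <jane.doe@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no findings")
```

The second check needs no forged domain at all: a display name is free text, which is why a familiar name on an outside address deserves attention on its own.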
Email spoofing statistics
• Over 3 billion domain spoofing emails are sent each day
• More than 90% of cyberattacks start with an email message
• 43% of cyber attacks target small and medium sized businesses
• 69% of hackers say they were never detected by a company’s security measures
• It takes over 6 months on average to detect a breach (they’re in your business for a long time)
How to protect yourself from being spoofed
During a recent Cybersecurity Insurance webinar, local experts discussed steps to drastically reduce the risk of being compromised and shared recommended actions to take if you receive a suspicious email. As Steve Szubinski, president of PCA Technology Group, shared, it’s all about layers of protection.
- Enable Multi-Factor authentication (MFA). Microsoft 365 includes MFA with the service; however, it is turned off by default. If you are not sure it has been enabled for your company, contact your trusted IT provider. According to Microsoft, MFA can block over 99.9 percent of account compromise attacks. While MFA won’t prevent you from receiving a disguised malicious email, any compromised accounts will be difficult to use.
- Enable External Email Notification. When this service is enabled with your Microsoft 365 subscription, a notification banner will appear across the top of any email that originated outside your company. In the case of our new employee in the accounting department, it would have been obvious that the email did not come from our CEO.
- Cybersecurity User Awareness Training. 1 out of every 3 people would fall for a spoofing email without regular training. Effective programs require at minimum annual training. PCA offers complimentary sessions each month - check our Events page for dates & times. Tools such as KnowBe4 have proven to reduce the risk to less than 5%.
- Confirm Requests. Our attorney partners recommend that you always confirm requests via phone prior to taking any action asked in an email. Do not follow the instructions in the message, rather use the phone numbers and web address you know for your colleagues, vendors, and customers.
If you think an email is suspicious
Contact your IT team or your IT service provider, even if the email is urgent or time sensitive. They will verify whether it is legitimate and can even move the email to a “sandbox” where it will not be able to impact your organization. If you fear you already clicked something potentially harmful, turn off your computer and contact IT support.
Cyber insurance providers like Lawley Insurance require organizations to have proper protocols in place so employees know what to do if they suspect an attack. Organizations should have a physical copy of their insurance policy handy along with a physical copy of their incident response plan. The plans should clearly identify who is responsible for managing an incident and who is responsible for communications, both internal and external. There are legal reasons your company should call a potential threat an incident until it has truly been verified as an attack.
Take these straightforward steps to significantly reduce your risk
Proactive measures will protect you from costs of business interruptions, data or financial loss, and reputation threats.
• Talk with your IT provider and ensure your layers of cyber security are working for you,
• Ensure all staff at your company attend regular cybersecurity user awareness trainings (consider a service like KnowBe4 for added protection),
• Review your cyber insurance policy with your provider, plus
• Update your Incident Response Plan and prepare your team to follow it when needed.
If you are unsure of your organization’s overall cybersecurity posture, use a free Cybersecurity Self-Assessment Tool like the one available on PCA's Cybersecurity page, or contact our experienced team at info@pcatg.com (by phone at 716.632.5881).
For more information, please contact:
Steve Neuss, Director
PCA Technology Group, Inc.
info@pcatg.com
716.632.5881
Article source: https://articlebiz.com