Email Spoofing - What Is It & How to Protect Yourself
Computers & Technology → Technology
- Author Steve Neuss
- Published April 29, 2022
- Word count 835
Email Spoofing – What Is It & How to Protect Yourself
Within days of being hired, a new employee in our accounting department received an email from our CEO asking them to place an order for much needed equipment. Excited to be part of the team and show responsiveness our new champion almost fell victim to a growing type of cyberattacks.
The email seemed appropriate and looked legitimate – we were just a few clicks away from being hacked and compromised by a spoofed email. This wasn’t the first time we received a suspicious message. In fact, cybersecurity experts say attacks are up 300% in this past year.
What is email spoofing?
Email spoofing is a technique used by hackers to trick you into thinking a message came from a person or organization you know or trust – most commonly your CEO or colleague, though often vendors or brands.
Can you tell the difference between paypal.com and paypaI.com?
Spoofed emails look legitimate – often creating a sense of urgency or need for action. If pretending to be from someone in your organization, commonly from a person of authority but could be a peer. If from an external source, even clicking links in them take you to landing pages that look just like the real vendors landing page (branding, logos, layout, etc.) – put next to the real site, they look nearly identical.
Email spoofing statistics
• Over 3 billion domain spoofing emails are sent each day
• More than 90% of cyberattacks start with an email message
• 43% of cyber attacks target small and medium sized businesses
• 69% of hackers say they were never detected by a company’s security measures
• It takes over 6-months on average to detect a breach (they’re in your business for a long time)
How to prevent from being spoofed
During a recent Cybersecurity Insurance webinar, local experts discussed steps to drastically reduce the risk of being compromised and shared recommended actions to take if you receive a suspicious email. As Steve Szubinski, president of PCA Technology Group shared, it’s all about layers of protection.
-
Enable Multi-Factor authentication (MFA). Microsoft 365 includes MFA with the service; however, it is turned off by default. If you are not sure it has been enabled for your company, contact your trusted IT provider. According to Microsoft, MFA can block over 99.9 percent of account compromise attacks. While MFA won’t prevent you from receiving a disguised malicious email, any compromised accounts will be difficult to use.
-
Enable External Email Notification. When this service is enabled with your Microsoft 365 subscription, a notification banner will appear across the top of any email that originated outside your company. In the case of our new employee in the accounting department, it would have been obvious that the email did not come from our CEO.
-
Cybersecurity User Awareness Training. 1 out of every 3 people would fall for a spoofing email without regular training. Effective programs require at minimum annual training. PCA offers complimentary sessions each month - check our Events page for dates & times. Tools such as KnowBe4 have proven to reduce the risk to less than 5%.
-
Confirm Requests. Our attorney partners recommend that you always confirm requests via phone prior to taking any action asked in an email. Do not follow the instructions in the message, rather use the phone numbers and web address you know for your colleagues, vendors, and customers.
If you think an email is suspicious
Contact your IT team or your IT service provider, even if the email is urgent or time sensitive. They will verify if it is legitimate and can even move the email to a “sandbox” where it will not be able to impact your organization. Fear you already clicked something potentially harmful, turn off your computer and contact IT support.
Cyber insurance providers like Lawley Insurance require organizations to have proper protocols in place so employees know what to do if they suspect an attack. Organizations should have a physical copy of their insurance policy handy along with a physical copy of their incident response plan. The plans should clearly identify who is responsible for managing an incident and who is responsible for communications – both internal and external communications. There are legal reasons your company should call a potential threat an incident until it has been verified truly as an attack.
Take these straightforward steps to significantly reduce your risk
Proactive measures will protect you from costs of business interruptions, data or financial loss, and reputation threats.
• Talk with your IT provider and ensure your layers of cyber security are working for you,
• Ensure all staff at your company attend regular cybersecurity user awareness trainings (consider a service like KnowBe4 for added protection),
• Review your cyber insurance policy with your provider, plus
• Update your Incident Response Plan and prepare your team to follow it when needed.
Unsure of your organization’s overall cybersecurity posture, use a Free Cybersecurity Self-Assessment Tool like the one available on PCA's Cybersecurity page or contact our experienced team at info@pcatg.com (by phone at 716.632.5881).
For more information, please contact:
Steve Neuss, Director
PCA Technology Group, Inc.
info@pcatg.com
716.632.5881
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- 10 Ways to Transform Production Scheduling in Business Central
- Master the Art of Gamification with Our Engaging App
- 10 Reasons Business Central Users Leverage Advanced Inventory Count
- The Ultimate Guide to 3D Animation: From Basics to Advanced Techniques
- Mitsubishi Electric proves heat pump compatibility with microbore pipework
- The Role of AI Services in Customer Experience and Satisfaction
- Google DeepMind Launches Gemma 2: A New AI Model Revolutionizing Research and Development
- How Do AI Solutions Drive Productivity And ROI In Business?
- Is Verizon Total the same as Verizon Prepaid?
- What is the best prepaid phone company?
- Why Small to Large Companies Continue to Use Dated/Dinosaur Technology
- 10 Ways Business Central’s Quality Inspector App Streamlines Quality Assurance
- 10 Ways Business Central’s Quality Inspector App Streamlines Quality Assurance
- The Rise of Sustainable Technology: Shaping a Greener Future
- Why Bullseye Engagement Offers the Best OKR Software for Businesses
- Web Development Companies in Canada
- How EasyPDF™ Forms Save Time & Money at Home and in the Workplace
- The One and Only 15-Second Digital Lien Waiver to Complete and Submit in Record Time Using the Free Adobe Reader
- The Impact of Employer Branding on Leadership Recruitment
- Augmented Reality (AR) in Business: Why Your Company Needs It
- Top 10 Reasons to Use Business Central’s License Plating App
- The Hidden Advantages of European Offshore Development Companies
- App Development: Transforming Ideas into Reality
- Automate you Chauffeur Service with A to Z Dispatch
- The Impact of Machine Learning and AI on Business: What the Future Holds In the modern busine
- Generate Flashcards Fast with AI: The Ultimate Solution for Developers
- Blockchain Interview Guide: Essential Questions and Answers for Success
- Eight Free Business Central Apps That You’ll Wish You Had
- How Artificial Intelligence (AI) and Machine Learning (ML) Are Transforming Computer-Based Trading Platforms
- The Role of Gas Engineers in Modern Energy Systems: Linking to Sustainability and Innovation