Email Spoofing - What Is It & How to Protect Yourself
- Author Steve Neuss
- Published April 29, 2022
- Word count 835
Within days of being hired, a new employee in our accounting department received an email from our CEO asking them to place an order for much-needed equipment. Excited to be part of the team and eager to show responsiveness, our new champion almost fell victim to a growing type of cyberattack.
The email seemed appropriate and looked legitimate – we were just a few clicks away from being hacked and compromised by a spoofed email. This wasn’t the first time we received a suspicious message. In fact, cybersecurity experts say attacks are up 300% in the past year.
What is email spoofing?
Email spoofing is a technique used by hackers to trick you into thinking a message came from a person or organization you know or trust – most commonly your CEO or colleague, though often vendors or brands.
Can you tell the difference between paypal.com and paypaI.com?
Spoofed emails look legitimate and often create a sense of urgency or a need for action. When a message pretends to come from someone in your organization, the apparent sender is commonly a person of authority, but it could be a peer. When it pretends to come from an external source, even the links in it take you to landing pages that look just like the real vendor's landing page (branding, logos, layout, etc.); put next to the real site, they look nearly identical.
Email spoofing statistics
• Over 3 billion domain spoofing emails are sent each day
• More than 90% of cyberattacks start with an email message
• 43% of cyberattacks target small and medium-sized businesses
• 69% of hackers say they were never detected by a company’s security measures
• It takes over 6 months on average to detect a breach (they’re in your business for a long time)
How to prevent being spoofed
During a recent Cybersecurity Insurance webinar, local experts discussed steps to drastically reduce the risk of being compromised and shared recommended actions to take if you receive a suspicious email. As Steve Szubinski, president of PCA Technology Group, shared, it’s all about layers of protection.
- Enable Multi-Factor Authentication (MFA). Microsoft 365 includes MFA with the service; however, it is turned off by default. If you are not sure it has been enabled for your company, contact your trusted IT provider. According to Microsoft, MFA can block over 99.9 percent of account compromise attacks. While MFA won’t prevent you from receiving a disguised malicious email, any compromised accounts will be difficult to use.
- Enable External Email Notification. When this service is enabled with your Microsoft 365 subscription, a notification banner will appear across the top of any email that originated outside your company. In the case of our new employee in the accounting department, it would have been obvious that the email did not come from our CEO.
- Cybersecurity User Awareness Training. 1 out of every 3 people would fall for a spoofing email without regular training. Effective programs require at minimum annual training. PCA offers complimentary sessions each month; check our Events page for dates & times. Tools such as KnowBe4 have proven to reduce the risk to less than 5%.
- Confirm Requests. Our attorney partners recommend that you always confirm requests via phone prior to taking any action asked in an email. Do not follow the instructions in the message; rather, use the phone numbers and web addresses you know for your colleagues, vendors, and customers.
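The lookalike-domain question above (paypal.com versus paypaI.com, where the last "l" is a capital "I") and the external-sender banner can both be expressed as a check on the visible From header. The Python below is an added example, not code from PCA or Microsoft 365; the company domain, executive name, trusted-domain list and confusable-character table are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values; every name and domain here is an assumption.
OWN_DOMAIN = "example-corp.com"
TRUSTED_DOMAINS = {"example-corp.com", "paypal.com"}
EXECUTIVES = {"jane doe"}  # display names worth protecting, lowercased

def skeleton(domain: str) -> str:
    """Fold visually confusable characters to one canonical form."""
    # Substitute before lowercasing: capital I is the character that mimics l.
    folded = domain.replace("I", "l").replace("1", "l").replace("0", "o")
    return folded.lower().replace("rn", "m")

def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None."""
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) and domain.lower() != trusted:
            return trusted
    return None

def classify_sender(from_header: str) -> str:
    """Label a From header the way a warning banner rule might."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1]
    if lookalike_of(domain):
        return "lookalike-domain"
    if domain.lower() == OWN_DOMAIN:
        return "internal"
    # An outside address carrying an executive's name is the CEO-request case.
    if name.strip().lower() in EXECUTIVES:
        return "external-executive-name"
    return "external"
```

The check reads only the displayed From header, so it complements the mail platform's own sender verification rather than replacing it.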
If you think an email is suspicious
Contact your IT team or your IT service provider, even if the email is urgent or time sensitive. They will verify if it is legitimate and can even move the email to a “sandbox” where it will not be able to impact your organization. If you fear you already clicked something potentially harmful, turn off your computer and contact IT support.
Cyber insurance providers like Lawley Insurance require organizations to have proper protocols in place so employees know what to do if they suspect an attack. Organizations should have a physical copy of their insurance policy handy along with a physical copy of their incident response plan. The plans should clearly identify who is responsible for managing an incident and who is responsible for communications, both internal and external. There are legal reasons your company should call a potential threat an incident until it has truly been verified as an attack.
Take these straightforward steps to significantly reduce your risk
Proactive measures will protect you from costs of business interruptions, data or financial loss, and reputation threats.
• Talk with your IT provider and ensure your layers of cyber security are working for you,
• Ensure all staff at your company attend regular cybersecurity user awareness trainings (consider a service like KnowBe4 for added protection),
• Review your cyber insurance policy with your provider, plus
• Update your Incident Response Plan and prepare your team to follow it when needed.
If you are unsure of your organization’s overall cybersecurity posture, use a Free Cybersecurity Self-Assessment Tool like the one available on PCA's Cybersecurity page, or contact our experienced team at info@pcatg.com (by phone at 716.632.5881).
For more information, please contact:
Steve Neuss, Director
PCA Technology Group, Inc.
info@pcatg.com
716.632.5881
Article source: https://articlebiz.com