Where would we be without email? It’s such a convenient way of communicating – particularly now that many of us are working from home. Messaging each other has become second nature. So much so that we tend to forget some of email’s inherent security risks.
Email comes with a trade-off. What we gain in speed and efficiency, we lose in face-to-face contact. And that can make it difficult to be sure that the person who contacted us is who they say they are.
Knowing who sent an email sounds like common sense, but bad actors are great at impersonating others and making emails look legitimate. Photos can be downloaded from the internet. Email addresses can be tweaked in subtle ways. And when you’re in a sea of emails, you’d be surprised how easily you could be persuaded to click on malicious links or attachments.
It only takes one fake email to infiltrate an entire business – so make sure you and your team know the risks and how to avoid being tricked.
What is email spoofing?
As we discussed in a previous blog, phishing refers to the techniques used by criminals to deceive and manipulate people into handing over their personal details. Email spoofing is just one example.
It involves sending emails that are designed to look like the sender is someone they aren’t. Sometimes a general email can be sent to an entire workforce. Other times a single, highly targeted email can be sent to an individual – this is called ‘spear phishing’.
In both cases, however, the goal is exactly the same: to trick people into performing an action that benefits the sender.
What actions? This list isn’t exhaustive, but it could include:
- Clicking on a malicious link
- Transferring funds
- Opening an attachment
- Providing login credentials
- Sharing confidential personal/financial information
- Following a link to a compromised site
Each of these actions has the potential to cause real harm to your business – both financial and reputational. That is why protecting against email spoofing is so important. Thankfully, there’s plenty you and your business can do to stay safe.
Your business is only as strong as its weakest link
No one is exempt. From interns right up to the CEO, employees should be taught what to look out for. Red flags can include things like:
- Language conveying urgency (‘you must click this now’)
- The sender’s name not matching their email address
- Poor spelling and grammar
- Requests from people you wouldn’t normally receive them from
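Some of these red flags can also be checked automatically. The sketch below is an added example, not something from the original post: it looks for a sender name that does not match the address, an address whose domain has been tweaked by a character or two, and urgent wording in the subject line. The staff directory, domain, keyword list and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: a staff directory and the organisation's own domain.
DIRECTORY = {"jane doe": "jane.doe@example.com"}
OWN_DOMAINS = {"example.com"}
URGENT = re.compile(r"\b(urgent|immediately|right now|click this now|act now)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains tweaked by a character or two."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message):
    """Return a list of red-flag labels found in the message headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    # Display name belongs to a known colleague but the address is not theirs.
    if name in DIRECTORY and DIRECTORY[name] != addr:
        flags.append("name_address_mismatch")
    # Domain is close to, but not exactly, one of our own domains.
    if domain not in OWN_DOMAINS and any(
            0 < edit_distance(domain, d) <= 2 for d in OWN_DOMAINS):
        flags.append("lookalike_domain")
    if URGENT.search(msg.get("Subject", "")):
        flags.append("urgent_language")
    return flags

# Constructed sample messages.
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Subject: URGENT: you must click this now\n\nPlease review.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Minutes from Tuesday\n\nAttached.\n")

if __name__ == "__main__":
    print(red_flags(SPOOFED))
    print(red_flags(GENUINE))
```

A check like this only covers what the headers show, so it complements training rather than replacing it.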
Aside from training, employees can use email signature certificates. An email signature certificate is attached to each email sent and confirms the sender’s identity. If everyone in an organization has one, suspicious emails should stand out like a sore thumb.
It’s important not to underestimate spoof emails. As your workforce grows and the world embraces flexible working, you’ll rely on email more and more – giving bad actors more chances to strike.
Another way to give your employees a helping hand to stay protected against these kinds of emails is ensuring firewalls are turned on. This will give you that extra line of defense.
Additionally, encourage your team to keep their devices up to date. It can be all too easy to snooze updates, but keeping on top of them is a vital tool in the fight against email spoofing.