Where would we be without email? It’s such a convenient way of communicating – particularly now many of us are working from home. Messaging each other has become second nature. So much so, we tend to forget some of email’s inherent security risks.
Email comes with a trade-off. What we gain in speed and efficiency, we lose in face-to-face contact. And that can make it difficult to be sure that the person who contacted us is who they say they are.
Knowing who sent an email sounds like common sense but bad actors are great at impersonating and making emails look legitimate. Photos can be downloaded from the internet. Email addresses can be tweaked in subtle ways. And when you’re in a sea of emails, you’d be surprised how easily you could be persuaded to click on malicious links or attachments.
It only takes one fake email to infiltrate an entire business – so make sure you and your team know the risks and how to avoid being tricked.
What is email spoofing?
As we discussed in a previous blog, phishing refers to the techniques used by criminals to deceive and manipulate people into handing over their personal details. Email spoofing is just one example.
It involves sending emails that are designed to look like the sender is someone they aren’t. Sometimes a general email can be sent to an entire workforce. Other times a single, highly targeted email can be sent to an individual – this is called ‘spear phishing’.
In both cases however, the goal is exactly the same: to trick people into performing an action that