Business Email Spoofing On The Rise

While the headlines are focused on ransomware attacks, spoofed emails are getting sneakier and more successful. Bad actors are always finding new ways to hack their way into businesses, and spoofing email addresses are proven way of doing just that. During the first 100 days of the coronavirus outbreak, spoofing attacks increased by 30%. This type of phishing email can sneak past antivirus security and lead to data theft, fraudulent wire transfers, ransomware, BEC (business email compromise), and more. Email spoofers rely on gaining trust from an employee and often use social engineering tactics to get it. If a hacker can trick an employee into trusting them, you can bet a cybercrime is around the corner.

What is a Spoofed Email? When an email from a trusted and legitimate source is received, a staffer feels safer acting on requests by the sender. Hackers spoof another business domains by acquiring lookalike domains that easily pass for a known company vendor, partner or customer. If the email looks familiar, very few users think to examine the URL or confirm the request. The good news is companies are doing better at protecting their domains, preventing them from being used in a phishing attack. The bad news is there are millions of companies that are not protecting their domains leaving their brand exposed, so be sure to look closely at an email address especially when receiving an unexpected attachment, link or financial request.

Since email spoofs are thriving, options to protect your business against them should be considered. Aside from ongoing employee cybersecurity awareness and education, looking into domain assurance products is advised. These products can find similar domain names that could be spoofing your business right now or may do so in the future, before the bad guys find them. Waiting isn’t an option, and it could be too late if and when you find your company’s domain name, and reputation, is being damaged.

Stickley on Security