Email is a common tool used on unsuspecting victims to spread vicious viruses. Cybercriminals widely use email spoofing to send fake emails from look-alike domains. Spoofing is when a scammer impersonates a sender making the recipient of the email believe the message is coming from a trusted source. Look-alike domains are websites with domain names that resemble legitimate domains at first glance. They are actually fake and can be a source of problems for your business.

Examples

When reading through emails, many of us glance at the sender and don’t give the idea of phishing emails and internet scams a second thought. This is what makes these deceptive tactics so threatening. Let’s look at a few examples:

Domain look-alikes:

From: williamb@twitter.com vs. From: williamb@twiitter.com

From: purchase@amazon.com vs. From: purchase@amazonstore.com

From: support@microsoft.com vs. From: support@microsfot.com

Sometimes, these malicious emails find their way into an inbox by portraying themselves as a trusted sender with the display name. When taking a closer look at the email address you would notice that it doesn’t match what you have in your address book.

From: “John Doe” <johndoe1993@gmail.com> vs. From: “John Doe” <johnd2461@scamphish.net>

These forms of deception are dangerous because many will follow through with the scams intended action when tricked into thinking they are familiar with the sender.

Ways to Fight Spoofed Phishing Attacks

Check Email Headers
Every email contains a “receipt” of where it came from. Although these headers can be altered, they can help catch spoofed messages. Within the email header you can find the sender’s address as well as confirm that the reply-to and return-path addresses are the same. If not, that indicates that the email is coming from someone other than who they claim to be.

Always Question Unexpected Emails
When an email appears out of the ordinary, no matter how authentic the sender looks, the best solution is to use caution. Before responding or taking action, contact the implied sender via a new channel of communication. A call, text, or email sent to their address that is saved in your address book can save you from a potential attack. Never reply to a questionable email.

Implement Additional Email Control Tools

Email management tools can help filter through suspected email threats and help protect against unsafe links and attachments. There are many customizable options to fit each business’s needs without delaying important messages or disrupting communication. It is important that businesses take action and implement email security tools so they are not relying 100% on employee’s judgment.  Spam filters can give businesses peace of mind as an added layer of protection.

Educate Employees on email caution & reporting suspicious content.

Cyber threats have evolved, and it is important to use every defense against them. Educating employees is important in order to improve employee response to these attacks. One of the most effective defense strategies is awareness.