Learn to Spot Email Spoofing, or Face the FTC

Forget about ransomware and trojans – have you heard about email spoofing yet?

Email spoofing is a method in which the cybercriminal makes an email appear as though it was sent from somewhere it wasn’t, such as a client’s, vendor’s, or even superior’s email address.

For example:

A hacker sends the HR manager a spoofed email that appears to come from their superior, asking for confidential employee information. The HR manager would never give that info to a stranger, but if they thought the email was from their superior, they might just go ahead and send it, immediately compromising sensitive data.

But wait, there’s more – according to the Federal Trade Commission (FTC), firms like yours that discover they have been spoofed are required to notify their clients. Their report, “Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication”, notes two key methods to help prevent email spoofing:

  • Domain-level email authentication tools, which help verify whether an email claiming to be from a particular business actually came from that business.
  • A Domain Message Authentication Reporting & Conformance (DMARC) tool, which allows your entity to learn how the spoofer is misusing its domain, and then tell the receiving email server to ignore similar emails.

Sound complicated? It can be, but the good news is that Brainlink will help. We’ll provide robust, extensive training for you and your employees so you can recognize spoofed emails when they reach your inbox and deal with them accordingly.

 

 

For more information about how to stop business email spoofing from harming your firm, reach out to the Brainlink team right away at (917) 685-7731 or raj@brainlink.com