The Number of Email Spoofing Assaults Has More Than Doubled in Recent Months


According to recent research from cybersecurity specialists at Kaspersky, the number of email spoofing attempts has increased significantly month over month. The overall number of spoofing assaults increased to 8,204 in May, up from 4,440 the month before, according to the company.

According to Kaspersky, a variety of methods fall under the category of "email spoofing," since the assault may be carried out in several ways.

The easiest method is "legitimate domain spoofing", where the attacker inserts the domain of the spoofed organization into the "From" header, but criminals are also using "display name spoofing". In this attack, which generally happens when a firm utilizes complex authentication mechanisms, the attacker spoofs the person sending the email to make it appear as though it was sent by a legitimate employee.

Email spoofing involves the creation of fake emails that appear to be real in order to mislead users into taking actions that benefit the attacker. This might include things like downloading malware, granting access to networks or data, divulging personal information or transferring funds.

These “spoof” emails frequently look to emanate from legitimate organizations, endangering not only the targets but also the reputations of the companies whose domains were exploited.

Spoofed emails can also be used as part of bigger, multi-stage attacks, such as ones aimed at doxing corporations. And these kinds of attacks are becoming more common.

Attackers will have to use another approach if a firm has deployed one of the latest mail authentication mechanisms. This can take the form of "display name spoofing," in which attackers impersonate the person sending the email, making it appear as though it was sent by a legitimate corporate employee.
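The two techniques described above can be told apart on the receiving side by inspecting the "From" header. The following Python check is an added example, not code from Kaspersky or from this article; the domain `example.com`, the employee list and the sample messages are constructed, and it assumes the receiving mail gateway records its DMARC verdict in an `Authentication-Results` header and strips any copy of that header supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                  # assumed: the protected organization's domain
EMPLOYEES = {"alice smith", "bob jones"}    # assumed: display names from the staff directory

def normalize(name):
    # Lowercase and collapse punctuation/whitespace so "ALICE  Smith" still matches.
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def classify_from(raw_message):
    """Return 'ok', 'domain-spoofing', 'display-name-spoofing' or 'external'."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    if domain == ORG_DOMAIN:
        # Our own domain in "From": accept only if the gateway recorded a DMARC pass.
        return "ok" if "dmarc=pass" in auth else "domain-spoofing"
    if normalize(display) in EMPLOYEES:
        # An employee's name paired with an address outside the organization.
        return "display-name-spoofing"
    return "external"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "legit": ("From: Alice Smith <alice@example.com>\n"
              "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
              "Subject: Q3 report\n\nbody"),
    "domain": ("From: Bob Jones <bob@example.com>\n"
               "Authentication-Results: mx.example.com; dmarc=fail header.from=example.com\n"
               "Subject: Invoice\n\nbody"),
    "display": ("From: ALICE  Smith <alice.smith@mail-provider.test>\n"
                "Authentication-Results: mx.example.com; dmarc=pass header.from=mail-provider.test\n"
                "Subject: Urgent transfer\n\nbody"),
    "external": ("From: Carol White <carol@partner.test>\n"
                 "Authentication-Results: mx.example.com; dmarc=pass header.from=partner.test\n"
                 "Subject: Hello\n\nbody"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_from(raw))
```

Note that the display-name case passes authentication for its own domain, which is why a directory comparison is needed in addition to the authentication verdict.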

1. To avoid spoofing, follow these steps:

  • Calls from unknown numbers should not be answered. If you receive such a call, hang up right away.
  • If you receive a call from someone claiming to represent a company or government agency, hang up and contact the phone number shown on your account statement, in the phone book, or on the company's or government agency's website to confirm the request's validity.

 

2. To prevent being a victim of an email scam:

  • When opening an email or an attachment, always think twice before clicking.
  • Make sure the return email addresses are correct. If anything doesn't seem right, or seems too good to be true or urgent, pick up the phone and contact the sender of the email to verify. This one extra step can make a significant impact.
  • If you receive an email from someone you don't know, don't open the attachment.
  • Take your time reading the email. Is the text in character, and does it sound right?
  • Never send your social security number or birth date by email.

 

“The good news is that there are a variety of anti-spoofing security solutions and new authentication standards available that may help keep your corporate email secure.”

 

 
