Spoofing and Phishing - Consulting
What is it, how dangerous is it, and how to protect your email, employees, and business from it
Spoofing is maliciously using a technical feature of SMTP to replace the From field of an email with something else. This means that the recipient thinks they got an email from one sender but, in reality, got it from another.
Phishing is creating and sending fake emails with malicious intent, where the Subject, From, and Body fields are set up to look legitimate and trick the recipient.
The purpose of spoofing and phishing attacks is to send fake emails from familiar-seeming, but, in reality, fake addresses to the victims in order to harm them. The From field has an address they trust – a colleague, friend, bank employee, a trusted company’s support team, etc. The email body is usually composed with social engineering in mind and asks the recipient to perform some action the sender wants: open an attachment, click a link to a fake site and input their account data, etc. In the end, the recipient’s PC can be infected, and their account compromised. Spoofing and Phishing attacks can be targeted at specific people, whole organizations, or a vast number of organizations. Since the recipient trusts the email, these attacks lead to reputation and financial losses, and can cause irreversible consequences for the business or individual.
The most common attack variants are:
- Forging an email from an unprotected domain and sending it to external recipients, who think they received an email from a trusted domain. Instead, the email contains malicious code, malicious phishing links, or false information (such as the “sender” declaring bankruptcy). The only limits are the forger’s imagination and goals.
- Forging an email from any organization employee, up to and including the director, and sending it within the organization. The recipients trust the “sender” and can be tricked into executing forged orders.
- If the email domain is not protected, its sender reputation can be lowered. This means that legitimate emails from a real address can automatically be sent to spam folders. This can lead to spending more time looking for emails, business problems due to information loss, additional strain on IT, and other negative consequences.
To defend against these attacks, you can:
- Set up basic security tools – SPF/DKIM/DMARC. These basic tools are available in the majority of email solutions and spam protection systems.
- Integrate anti-phishing link and zero-day virus solutions.
- Integrate solutions that regularly and automatically teach your employees to protect themselves by simulating attacks, or by regularly training your employees manually.
- Since there is no perfect protection against all viruses and attacks in the world, consider integrating a number of tools and methods that can help you investigate. These can also stop an attack in its tracks if a user does eventually click a malicious link. One day this will happen, and you need to be ready.
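As an added illustration of the SPF/DMARC point above (example code written for this page, not the consultancy's own tooling), the script below parses SPF and DMARC TXT records and flags the settings that leave a domain open to forgery. The domain names and records are constructed samples, and the check goes slightly beyond the text by distinguishing the `+all`, `~all`, `?all` and `-all` SPF qualifiers.

```python
import re

# Constructed sample TXT records (hypothetical domains, not live DNS lookups).
SAMPLES = {
    "weak.example": {"spf": "v=spf1 a mx +all", "dmarc": "v=DMARC1; p=none"},
    "okay.example": {"spf": "v=spf1 include:_spf.mail.example -all",
                     "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@okay.example"},
    "none.example": {"spf": None, "dmarc": None},
}

def parse_spf_all(spf):
    """Return the qualifier of the terminating 'all' mechanism ('+', '-', '~', '?'), or None."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return None
    for term in spf.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # RFC 7208: a missing qualifier means '+' (pass)
    return None

def parse_dmarc_policy(dmarc):
    """Return the DMARC 'p=' tag value (none/quarantine/reject), or None if absent."""
    if not dmarc or not dmarc.lower().startswith("v=dmarc1"):
        return None
    tags = dict(kv.strip().split("=", 1) for kv in dmarc.split(";") if "=" in kv)
    return tags.get("p", "").strip().lower() or None

def assess(spf, dmarc):
    """Return a list of findings; an empty list means SPF and DMARC are both enforcing."""
    findings = []
    q = parse_spf_all(spf)
    if q is None:
        findings.append("no usable SPF record: any host may send as this domain")
    elif q == "+":
        findings.append("SPF ends in +all: every sender passes, record gives no protection")
    elif q in ("~", "?"):
        findings.append(f"SPF ends in {q}all: forged mail is only softfailed/neutral, not rejected")
    p = parse_dmarc_policy(dmarc)
    if p is None:
        findings.append("no DMARC record: receivers are not told to reject spoofed mail")
    elif p == "none":
        findings.append("DMARC p=none: monitoring only, forged mail is still delivered")
    return findings

if __name__ == "__main__":
    for domain, rec in SAMPLES.items():
        print(domain, "->", assess(rec["spf"], rec["dmarc"]) or ["OK"])
```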
What we offer:
- Setting up or helping set up basic SPF/DKIM/DMARC components.
- Demonstrating how easy it is to forge an email from an unprotected domain, using yours (or another) as an example.
- Explaining how the different Microsoft and other supplier email protection tools work (from basic out-of-the-box solutions to the most complex ones) and helping set them up.