Email Spoofing

In All by Alex Kallimanis

The people that want access to your data are getting smarter all the time. One particularly damaging and common tactic that hackers use is called “email spoofing” or “spearphishing”. Don’t let the silly sounding names fool you, email spoofing is a highly utilized and effective method of entry into your data.

It’s as simple as clicking one bad link

Simply put; a spoofed email appears to be from a legitimate source, but is coming from someone else. The email might arrive disguised as coming from your bank, an old colleague, or a company that you work with. For instance, an email originating from “Office 365” asking you to validate your username and password credentials is guaranteed to be fake. Most legitimate companies will never contact you via email asking for this information unless first prompted by you.

Likewise, you should be wary of links in emails that ask you to click to verify your account or see a “private message”. If this is the case, but the source appears legitimate, simply open your web browser and login to the website as you normally would. Typing out the URL of the website you want to reach ensures that you are being routed to the site that you want to visit.

If you receive a suspect email there’s a shortcut to find out if the links included are legitimate. If you hover your cursor over the hyperlink, eventually—either at the bottom of your browser or in a little text window—you will see where the link leads. Try it below on the two hyperlinks with the same text. You’ll see that one directs you to where you think you’re going, and the other directs to something unrelated. (Don’t worry, both of the links are safe if you accidentally click them)

Email Spoofing Facts

Email Spoofing Facts

The danger in following one of these links can be pretty apparent. If you think that you’re going to the Microsoft website and “verify” your login information for your computer, the hacker may be able to take control of your machine from you. Likewise, if you use the same process with the login information for your bank these criminals now have access to your finances. Or they may gain access to your email account, sending messages from your name asking contacts for money or perpetuating their scam on others. A savvy hacker could then redirect mail for these sent messages in a way that you might not see them until after the damage is done.

Most businesses employ filtering software on their email clients to block malicious emails from making it into inboxes. However, these threats are always evolving and may make it through your spam filter. System security starts at the user level so make sure you and your users are aware of best practices for email. If you believe that you have responded or given information to anything of this nature, log into the site in question (by typing the URL in the browser and not a link in an email) and change your passwords immediately. For more information, contact the team at First Service Carolina Today and speak with one of our technical engineers.