Spoofing Emails

In many circumstances an employee may get an email that looks like it’s from a boss, requesting that money be sent over to complete a transaction with another business. However, a lot of the time the money never reaches its intended destination, and the company has lost a lot of money (BBC 2019). According to Search Security, the definition of email spoofing is “the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source” (Search Security 2019).
This type of attack is usually “low-tech”: cyber-criminals can just “simply spoof the email address of a company executive and send a convincing request to an unsuspecting employee,” usually making it seem like there’s a “sense of urgency to the order” (BBC 2019). These types of scams are on the rise and have resulted in a great loss of money for companies around the world. According to the article I read, since 2016 these hacks have “resulted in worldwide losses of at least $26bn” (BBC 2019). Just earlier this month there was a massive takedown operation of “global cyber-crime networks based on scams” in which 281 suspected hackers were arrested from 10 different countries around the globe (BBC 2019). This type of scam is actually the “most expensive problem in all of cyber-security” (BBC 2019).
It also turns out that these criminals don’t always go for the most senior targets. Sometimes they just go for whoever is the most exposed and easiest to trick. For example, sometimes “employees’ emails are spoofed and the attacker asks the human-resources departments to send a victim’s wages to a new bank account” (BBC 2019). These attacks might not always give the hacker the biggest return, but they help them “fly below the radar” and lessen the chances of them getting caught (BBC 2019).
Finally, I wanted to discuss some ways that companies can prevent this problem. An article I found online shared ways you can avoid becoming the target in these situations. First off, you want to check your SPF (Sender Policy Framework) records and make any adjustments if needed, and if you have received a spoofed message, “make sure your system is set to perform SPF checks” (Star Chapter 2019). Of course, you will also want to check the sender’s information very carefully. There is also a list of smaller things to look out for. And of course, companies need to be educating their employees on all of this (Star Chapter 2019). If everyone knows how to spot a fake email, then the company as a whole will be better protected and less likely to fall victim to these terrible scams.
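To make "check the sender's information" and "perform SPF checks" concrete, here is an added example (not from the cited articles) that inspects the headers of a message. The two sample messages, their addresses and domains, and the helper names `domain_of` and `check_sender` are constructed for illustration; it assumes the receiving mail server has already recorded its SPF result in an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample (not a real email): From shows an executive at
# example.com, but the envelope sender and Reply-To point elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mailer.example.net
From: "Jane Doe (CEO)" <jane.doe@example.com>
Reply-To: jane.doe@example-payments.test
To: accounts@example.com
Subject: Urgent wire transfer

Please send the payment today.
"""

# Constructed sample of a consistent message.
LEGIT = """\
Return-Path: <jane.doe@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Lunch

See you at noon.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw):
    """Return a list of warnings about the sender headers of a raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    warnings = []
    # The visible From should agree with the envelope sender and reply address.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # SPF verdict as recorded by the receiving server, if any.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    result = m.group(1).lower() if m else "none"
    if result != "pass":
        warnings.append(f"SPF result is {result}")
    return warnings
```

A differing Return-Path is also normal for some legitimate bulk-mail services, so these warnings are prompts for a closer look rather than a verdict.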
Sources:
- Email Spoofing https://searchsecurity.techtarget.com/definition/email-spoofing
- 5 Ways to Avoid Being the Target of Email Spoofing https://www.starchapter.com/blog/Avoid_Email_Spoofing
- Spoofing Emails: The Trickery Costing Businesses Billions https://www.bbc.com/news/technology-49857948