“Someone has hacked our email!”
We frequently hear from administrators and users freaked out because their contacts are receiving janky email that looks like it’s from them or their company when it most definitely isn’t. Usually that bogus email also includes a link that is oddly and irresistibly compelling for the recipient to click. A vague and cryptic message like “Check this out!” or “Some food for thought” can be enough to fool someone. But your email hasn’t been hacked, just “spoofed.”
Spoofing is a very common way to spread malware. Just like the name suggests, it’s when someone imitates your displayed email address or company domain name to trick the email recipient into a response. That desired response can be anything from wiring a gob of money or paying an invoice to clicking on a link that will load malware on that user’s device.
Major well-known companies like FedEx, American Express, and the U.S. Postal Service have been spoofed, and so have a lot of “regular Joes.” The bad guys want to cast a wide net and see who they can trick. So is there any way to stop this?
The short answer is, “It ain’t easy.” There are several tools available to you that can help with spoofed emails, but they only work when the recipients use systems that actually check the authenticity of the sender. For network administrators, we suggest Googling the following tools used to help mitigate spoofing. You will need to set up these DNS (TXT) records with your DNS service provider:
1) Sender Policy Framework (SPF)
2) DomainKeys Identified Mail (DKIM)
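Once both records are published, it helps to check that they say what you meant. The sketch below is an added example, not part of the original post: it audits the text of an SPF record (published at the domain name itself) and a DKIM record (published at `<selector>._domainkey.<domain>`) for common mistakes. The function names and sample records are constructed for illustration, and it inspects record strings only; it does not query DNS.

```python
import base64

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup
def audit_spf(txt_records):
    """Findings for the TXT strings published at the domain name itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers treat this as an error"]
    terms, findings = spf[0].lower().split()[1:], []
    bare = [t.lstrip("+-~?") for t in terms]  # terms without their qualifier
    lookups = sum(b.split(":")[0].split("/")[0] in LOOKUP_MECHS
                  or b.startswith("redirect=") for b in bare)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the limit of 10")
    catch_all = [t for t in terms if t.lstrip("+-~?") == "all"]
    if catch_all:
        if catch_all[0][0] in "+a":  # a bare "all" defaults to "+"
            findings.append("'+all' authorizes every sender on the internet")
        elif catch_all[0][0] == "?":
            findings.append("'?all' is neutral: no basis to reject spoofed mail")
    elif not any(b.startswith("redirect=") for b in bare):
        findings.append("no 'all' term: unlisted senders get a neutral result")
    return findings

def audit_dkim(txt):
    """Findings for one TXT string published at <selector>._domainkey.<domain>."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= tag is not DKIM1")
    if not tags.get("p"):
        findings.append("p= missing or empty: no usable key (empty means revoked)")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            findings.append("p= is not valid base64")
    return findings

# Constructed sample records (reserved example names, placeholder key bytes).
GOOD_SPF = ["v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"]
WEAK_SPF = ["v=spf1 mx +all"]
GOOD_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(294)).decode()
```

An empty list from either function means none of these particular mistakes were found; it does not prove that receiving systems will enforce the records.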
Don’t know what any of that means, but really sick of the spoofing? Contact us and we’ll help you get these steps implemented. We’d be happy to help.
Do you have any spoofing horror stories to share, or any advice to add? We’d love to have your thoughts in our comments section.