In the last few months, the team at Signal Networks have seen a dramatic rise in the number and sophistication of spoofed emails being sent. It’s vital that organisations stay aware of spoofed emails and have the correct procedures in place should one get past their security procedures due to human error.
Spoofed emails are malicious emails sent by spammers in disguise. The disguise tricks users into believing the email was sent from a reputable source when, in fact, it comes from an unknown and harmful one.
Usually, spoofed emails are sent from email addresses that are very similar to legitimate ones that a user recognises. For example, you could be used to receiving emails from [email protected]; however, you may receive a spoofed email from [email protected] or [email protected].
Spoofed emails that get past undetected often carry malicious content or links that redirect the user to harmful websites.
There are four indicators a user can look for to recognise a spoofed email:
- Look closely at the sender’s address. Is everything spelt correctly, with all the letters in the right order and without any additional symbols (e.g. hyphens)? If it’s not, it could be a spoofed email.
- Are you expecting an email with that type of content from the sender? If Jane or Tom are suddenly asking for your bank details, is that a usual request for them? How about their language: is the tone of voice typical, and is their signature characteristic of what you’re used to?
- Is the reply-to address the same? Sometimes, spoofed emails misdirect your reply and send it to an account the sender has control over. Crafty spoofed emails make very subtle changes to the reply address, which can often be missed when rushing or not thinking.
- If you’re unsure and something just doesn’t feel right, simply check. This could be by asking Signal Networks or by contacting the sender by phone (not on the number listed in the suspicious email though).
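
The first and third checks above can also be run automatically over a message's headers. The following is an added example, not code from Signal Networks: the domain list, the two-edit threshold, the function names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you normally receive mail from (constructed sample values).
KNOWN_DOMAINS = {"supplier.example", "bank.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def lookalike_of(domain):
    """Known domain that `domain` imitates (1-2 edits away), else None."""
    if domain in KNOWN_DOMAINS:
        return None
    for good in sorted(KNOWN_DOMAINS):
        if edit_distance(domain, good) <= 2:  # swapped letters, extra hyphen
            return good
    return None

def check_message(raw):
    """Warnings for one message given as text (headers, blank line, body)."""
    msg = message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    warnings = []
    if sender and lookalike_of(sender):
        warnings.append(f"From domain {sender} resembles {lookalike_of(sender)}")
    if reply and reply != sender:
        warnings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    return warnings

# Constructed sample messages, not real mail.
SAMPLES = {
    "legit": "From: Jane <jane@supplier.example>\nSubject: Minutes\n\nHi",
    "lookalike": "From: Jane <jane@suppleir.example>\nSubject: Bank details\n\nHi",
    "reply": "From: Tom <tom@bank.example>\nReply-To: tom@ba-nk.example\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

Legitimate mail, such as mailing lists, can also carry a different Reply-To address, so a warning here is a prompt to verify with the sender rather than proof of spoofing.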