Knowing the Difference Between Email Spoofing and Email Compromise. Email Security & Phishing 101
No matter what kind of business you are in, email attacks like phishing and the more targeted spear-phishing are on the rise. One common tactic in a targeted attack is for bad actors to impersonate someone in order to get a person that someone works with to do something they want, like wire money. Because email is such a common vector for these attacks, it is important that we educate ourselves on some key points.

Business Email Spoofing:

The most common form of impersonation, BES attacks happen when an attacker changes the settings in their email program to show the name of someone you know alongside a different return address. More directed forms of this attack may even register a look-alike domain to make it more convincing.

Say you have a contact, Bob Smith from HomeFinders.com, who you work with as your Realtor. His email is Bob@homefinders.com. Email programs often show only the sender's name in the message preview and show the full return address only in the main message window. If you only look at the preview, you might miss a carefully crafted message.

The real Bob looks like this:

Bob Smith <bob@homefinders.com>

But the person impersonating Bob changes their sender settings to show this:

Bob Smith <bob.homefinders@gmail.com>

or

Bob Smith <bob@h0mefinders.com>

Notice that in the second example they have registered a similar domain with a zero instead of the letter "o." It is easy to miss, and without the proper controls in place you could end up corresponding with this person thinking they are Bob.

The reason BES attacks are hard to block is that there is nothing technically wrong with someone named Bob Smith sending you email from another address. Fighting this attack takes the awareness that you know Bob and that the message is not coming from his correct address. Your attention and awareness are key.

Business Email Compromise:

BEC is somewhat less common and harder to spot.
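As an added example (not code from the original post), here is a small Python check that applies the BES warning signs above to a message's From header: a known display name paired with a different address, and a domain that only matches after folding look-alike characters such as the zero in h0mefinders.com. The KNOWN_CONTACTS address book and the list of confusable characters are constructed assumptions.

```python
# Added example: classify a From header against a known address book.
from email.utils import parseaddr

# Constructed address book: the display names you know and the address each uses.
KNOWN_CONTACTS = {
    "bob smith": "bob@homefinders.com",
    "tina jones": "tjones@bankofca.com",
}

# Single-character substitutions commonly used in look-alike domains (assumed list).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize_domain(domain: str) -> str:
    """Fold look-alike substitutions so h0mefinders.com compares equal to homefinders.com."""
    folded = domain.lower().translate(CONFUSABLES)
    # Two-character impostors: "rn" for "m", "vv" for "w".
    return folded.replace("rn", "m").replace("vv", "w")


def check_sender(from_header: str) -> str:
    """Return 'ok', 'lookalike-domain', 'display-name-spoof' or 'unknown'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    sender_domain = addr.rsplit("@", 1)[-1]
    known_addr = KNOWN_CONTACTS.get(name.strip().lower())

    # The name and the full address both match what we have on file.
    if known_addr is not None and addr == known_addr:
        return "ok"

    # Any sender domain that folds to a known domain was registered to look like it.
    for known in KNOWN_CONTACTS.values():
        known_domain = known.rsplit("@", 1)[-1]
        if sender_domain != known_domain and normalize_domain(sender_domain) == normalize_domain(known_domain):
            return "lookalike-domain"

    # A known display name on an unrelated address (e.g. a free webmail account).
    if known_addr is not None:
        return "display-name-spoof"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers matching the examples in the text.
    for header in ("Bob Smith <bob@homefinders.com>",
                   "Bob Smith <bob.homefinders@gmail.com>",
                   "Bob Smith <bob@h0mefinders.com>"):
        print(f"{header:45} -> {check_sender(header)}")
```

A message sent from Tina's real but compromised mailbox passes this check as "ok", which is exactly why BEC, described below, needs process controls rather than header inspection.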
BEC happens when an attacker gains full access to an email account and uses that account to send you email from a legitimate address. Say you are working with a banker:

Tina Jones <tjones@bankofca.com>

Unfortunately, the other day Tina opened a malicious email that said her account was about to expire and logged into a malicious website with her work email username and password. The bank allows certain users (like Tina) to log in without a 2FA code. Now the hacker has access to her email account and can send you email pretending to be Tina from the legitimate address:

Tina Jones <tjones@bankofca.com>

They even have access to her sent items, where they can grab a copy of her signature and study her communication style. They can then set up a mailbox rule that moves your replies to a hidden folder or forwards them to an external account, and use this to trick you into wiring them money.

What Can I Do?

Education & Skepticism – Both BEC and BES are real and ongoing threats to companies of your size. The most powerful tool you can have is vigilance and education. Be skeptical. Assume things are not what they seem.

Financial Process Controls – Put controls in place so that any external financial transaction over a certain amount requires internal review and external authentication using a second method, such as a call from you to a published phone number for the company, not a number they gave you in email.

Email System Hardening – To make sure your email is not compromised, talk to us to ensure that precautions such as 2 Factor Authentication, email rule and login alerting are in place for your mail users.

Advanced Anti-Phishing – To combat email spoofing, we have additional advanced tools available that can help to counter this tactic. Ask us for more info today.