Corporate Technology Group Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Posted by on in Security
  • Font size: Larger Smaller
  • 0 Comments
  • Print
  • PDF

Tip of the Week: Know What Email Spoofing is So You Don’t Get Taken

b2ap3_thumbnail_email_spoofing_400.jpgHave you ever been the target of an email spoofer? This can be a difficult question to answer, especially if you don’t know what you’re looking for. Email spoofing can appear to be from legitimate sources, but the most important indicator is if the message looks like spam or fishy in general. If you ever receive a message like this, you might wonder why your spam filter didn’t catch such an obvious trap.

Email spoofing is when a hacker sends you a message that’s disguised as someone else, particularly someone you know or are associated with. This doesn’t necessarily mean that your contact has been hacked (though it could be possible), but it’s still a problem on your end. It’s up to you to identify and delete messages before you inevitably fall for one of these phishing scams. The only way to eliminate the threat of hackers is to take them seriously, and approach scams in an educated and informed manner.

How Email Spoofing Works
Email spoofing is a simple process that sounds like a lot of work, but the reality is that anyone with the proper tools can pull it off. All a spoofer needs is access to what’s called a Simple Mail Transfer Protocol (SMTP) server, and an email software. SMTP servers are fairly simple to find for free, which makes it easy to spoof names. The one on the receiving end will still see the true email address, but it will appear to be from the address or name that the spoofer enters.

Despite how easy it is to attempt an email spoofing campaign, there are still plenty of checks available that make it more challenging to pull off these days. The most notable check is called Sender Policy Framework (SPF), which takes the IP address of the sending server and then compares it to the SPF record of the appropriate domain. If the two don’t match, the receiving server denies the message. The Huffington Post describes how this works using the following example:

Let's say someone tried to spoof Bill Gates (billgates@microsoft.com): They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say "Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com."; > microsoft.com would then tell the recipient server, "No, sorry, it should be coming from 111.111.111.111." and the message would never get delivered.

What You Can Do Against Spoofing
Email spoofing, while easy to pull off, often can’t make its way through modern email solutions like Gmail and Outlook. Even if it does make it through a spam filter, spoofed messages can still be somewhat tricky to identify at times. In particular, a spoofer who has researched their target, and who they’re posing as (i.e., “phishing”), can represent a significant risk. What you want to do is look at the email address that sent the message. If it’s different from the email address you have on file, you know it’s a spoofer.

Another obvious way to spot a spoofer is if they make absolutely no attempt to disguise themselves, or if they pose as an institution that you regularly attend. If the message holds any suspicious links or attachments, make sure that you don’t click on them. Chances are that you could be walking right into a phishing scam. If the message asks you to confirm your credentials, don’t do as they ask. Organizations like banks or government agencies will never ask you to confirm information through email. Never log into a website using the links provided in an email unless you’re absolutely positive it’s not a spoofer. Instead, try to navigate to the website through your web browser using their normal URL.

One of the best ways to protect your business from email spoofing is to use an enterprise-level spam blocking solution, like the one Corporate Technology Group offers. By utilizing such a powerful security tool, you can prevent most of your spam from even hitting your inbox, which means you don’t have to deal with potentially malicious or wasteful messages. To learn more about how you can fight against spoofing and other types of online threats, give Corporate Technology Group a call at (817) 557-4091.

0

Comments

Latest Blog Entry

Is Society Really Prepared For the Drastic Changes The Internet of Things Will Usher In?
Technology has changed the world. It has changed individual lives, businesses, and the way people communicate with one another. The main reason for this is that technology, and the use of it, happens everywhere. In fact, the world has seen a huge spike in th...
Continue Reading...

Latest News

Our Site Has Launched!

Corporate Technology Group's New IT Support Portal

Welcome to Our New Site!
We are proud to announce the unveiling of our new website at Corporate Technology Group!

Read more

Contact Us

Learn more about what Corporate Technology Group can do for your business.

callphone

Call us today   
(817) 557-4091
(806) 355-3316

801 Stadium Dr Suite 112, Arlington, Texas 76011
509 S Arthur Street, Amarillo, Texas 79102

IT Support Dallas Fort Worth Network Support Dallas Fort Worth #