IT Blog

Best Practices security User info

Spoofed emails and the repercussions

A spoofed email is one in which the sender’s address has been forged. It’s not hard to do…..really!

I’ve sent emails to friends in the past appearing to come from ghengis@themongols.com threatening invasion but like to think I’ve matured since then.

You’re thinking “Big deal, I can recognise a fake email and I wouldn’t do anything silly anyway” which is great. Well done you.

However, you can be the victim of a spoofed email that’s directed at someone less smart that you.

For example: Someone sends an email to school spoofed as having come from you and saying that Uncle Buck will collect your 8 year old son from school early to take him to a dental appointment that you’ve just remembered. OK, that’s unlikely with the security in modern schools but you get the picture. More likely is that an email arrives with one of your customers or suppliers purporting to come from your accounts department informing them of a change of bank and providing new transfer details to be used for the payment of invoices. Hell, it might even offer a 25% discount for the settlement of current outstanding amounts if completed within 24 hours. By the time you realised it would be too late.

So – you’ve been warned but what can you do?

You can’t stop the spoofing. The security measures available will help but it’s a constant battle between the bad guys and the good guys and it’s always going to be a neck and neck race with the lead constantly changing.

We’d suggest you think about the procedures you have in place. Inform your business partners that they need to verbally confirm any changes in payment (and other) processes. Remind them that email is NOT secure. Point them at this blog post and suggest they subscribe as knowledge combined with common sense is free and very important.

Also, enquire with us if you would like to know about secure, signed and encrypted email options which can all help.

Again, remember standard email is NOT secure.