Email Spoofing – what is it and why should I care?

Email spoofing is when a hacker or spammer forges an email header to look like it has been sent from a legitimate source.

Email spoofing is most popular with people who are trying to get you to open something by pretending to be someone you know or an organisation you have heard of.

Here are a couple of real-world examples to give you an idea of how it works:

  • An employee receives an email from one of the directors in the business asking them to look at a spreadsheet. As the employee knows the sender, they do not question it and they ultimately open the email. This email actually has a “Macro” in it which launches a small program so the attackers can record all your keystrokes, your browser history etc. This example (which was real) resulted in the user having her life savings removed from her bank account!

  • A person in the accounts department receives an email from the MD asking them to send a payment to a supplier (the payment details given are actually the thief's). As the person in accounts knows the director and he does sometimes ask for these types of payments to be made, the money is transferred without question. In this real-world example, the solicitors' firm lost £25000.

  • A member of staff received an email that appeared to be from PayPal asking them to change their password. It was not a real PayPal email, but by asking the user in the email to verify it was them by sending the old password, the spoofer was able to take out just over £200 from the account. The user did not get the money back because the correct password had been used!

These are just a few of the ways in which these criminals try to make money from unsuspecting email users. Please be vigilant, and if you are unsure of how you can help protect your business and staff, please contact us and we will be happy to advise on ways in which we can improve your email security.