By now, most employees know misspellings, fishy links, and questionable attachments are the telltale signs of an email scam. While this is notable evidence of successful employee education, scams and cyberattacks have only gained sophistication. Even the most savvy employees can fall for a clever email spoofing campaign.
Email spoofing is a technique scammers use to make fraudulent emails appear as if they came from a known entity. By impersonating someone familiar, scammers phish for sensitive information such as company credit card numbers, payroll data, and even login credentials to corporate networks. Many cybercrimes start with spoofing, which allows attackers to gain access and trust, then grow into more sophisticated and costly attacks.
Although a few email filtering options existed, spoofing had morphed into a major global security issue by the 2000s. In response, the European Union released a Directive on Privacy and Electronic Communications in 2002, making it illegal to send unsolicited communications without the prior consent of the recipient.
The US followed suit in 2004, but these regulations overwhelmingly failed at completely eliminating spoofing and other types of email-based spam. Even with today’s advanced cybersecurity tools, 3.1 billion domain spoofing emails are sent per day, and over 90% of cyberattacks start with an email message.
So what does a spoofed email look like? Let’s review the following example:
Alex, who is the head of Denver Dialysis Center procurement, might receive this email thinking that he forgot to pay an important invoice.
The email looks like it was sent by his contact at Medical Suppliers, Inc., Michelle, and it references the correct invoice number. But upon further examination, there are a few clues that point to Display Name Spoofing and Domain Impersonation.
Moreover, the email contains a link that will likely direct Alex to a fake portal where he'll be prompted to input his credentials and provide payment information.
And even if he doesn't click on the phony link, any replies he sends (which could contain sensitive procurement-related information) will go to the suspicious email address in the Reply-To field: "xyz@hotmail.com".
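As an added example (not code from the original post), here is a minimal header check, in Python, for the three clues in the invoice scenario above: a known display name paired with an unexpected sending domain, a lookalike of a trusted domain, and a Reply-To pointing somewhere else. The contact list, domains and sample headers are constructed for illustration.

```python
# Added example, not from the original post. All names, domains and headers
# below are constructed for illustration.
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed: the contact Alex expects mail from, keyed by lowercase display name.
KNOWN_CONTACTS = {"michelle": "medicalsuppliers.com"}

def _squash(label: str) -> str:
    """Drop dots and hyphens so 'medical-suppliers-inc.com' can be compared
    against 'medicalsuppliers'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())

def lookalike(domain: str, legit: str) -> bool:
    """Crude domain impersonation check: a different domain whose squashed
    form still contains the trusted domain's registrable label."""
    if domain == legit:
        return False
    base = _squash(legit.rsplit(".", 1)[0])
    return bool(base) and base in _squash(domain)

def spoofing_clues(raw: str) -> list[str]:
    """Return the spoofing clues found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    clues = []
    # Display name spoofing: a familiar name on an address from the wrong domain.
    expected = KNOWN_CONTACTS.get(from_name.strip().lower())
    if expected and from_domain != expected:
        clues.append("display name spoofing")
    # Domain impersonation: the sending domain mimics a trusted one.
    if any(lookalike(from_domain, d) for d in set(KNOWN_CONTACTS.values())):
        clues.append("domain impersonation")
    # Reply-To mismatch: replies would leave the apparent sender's domain.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] != from_domain:
        clues.append("reply-to mismatch")
    return clues

# Constructed sample headers mirroring the invoice email described above.
SAMPLE = """From: Michelle <michelle@medical-suppliers-inc.com>
Reply-To: xyz@hotmail.com
To: alex@denverdialysis.example
Subject: Overdue invoice

Please review the attached invoice.
"""
```

Running `spoofing_clues(SAMPLE)` flags all three clues; the same message from the genuine domain with no Reply-To flags none.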
DKIM confirms sender domains and verifies that emails are sent from valid sources.
DKIM publishes a public key in the sender domain's DNS record and signs outgoing email with the corresponding private key. If the signature verifies against the published key, the signed parts of the message were not altered in transit. DKIM is famously challenging to implement.
Perhaps for this reason, and because a missing DKIM signature does not always mean a message is fraudulent, an email with no signature will always get delivered.
However, as with SPF, DKIM does not prevent a scammer from spoofing the visible 'From' field.
Email is now completely enmeshed with work, making spoofing prevention a baseline requirement in any organization.
Commonly used strategies like SPF, DKIM, and DMARC have severe limitations, even when employed simultaneously. In fact, as more companies adopt those tactics, attackers launch more domain impersonation attacks that SPF, DKIM, and DMARC cannot protect against.
Read our three-part blog series Understanding DMARC: What's Driving All the Hype?
AI-powered anomaly detection tools analyze both user behavior patterns and email metadata, helping the algorithms and platform better identify and respond to new spoofing techniques.
To react to spoofed emails quickly and effectively, organizations must layer advanced mailbox anomaly detection on top of SPF, DKIM, DMARC, and training.
IRONSCALES is a pioneer in the cybersecurity space, detecting email spoofing and other advanced threats better than any other platform on the market. The IRONSCALES platform includes mailbox-level anomaly detection, anti-phishing tools, and protection against business email compromise (BEC). And with intelligent automation, IRONSCALES can stop phishing emails before they even hit your employees’ inboxes.
Take the first step towards a more holistic, comprehensive approach to your security by requesting a free IRONSCALES demo today.