What Is Email Spoofing?

Email spoofing is an increasingly common tactic cyber attackers use to deceive victims. By forging sender details so that a message appears to come from a legitimate sender, attackers can gain access to sensitive data or install malware onto devices.

Be wary of email spoofing: look for messages that push immediate or urgent actions, and inspect an email's header to see whether its SPF, DKIM, or DMARC validation has passed.

CEO Fraud

CEO fraud refers to email attacks in which an impostor poses as the CEO of a company to deceive staff into sending funds or disclosing sensitive data. The FBI estimates this cyberattack caused $26 billion worth of losses worldwide.

Hackers prepare this attack by researching platforms such as LinkedIn and company websites to identify senior employees and C-level executives within an organization. Once they have identified them, hackers create highly convincing emails using the information gleaned about these people and their employer, typically starting by alerting recipients that a CEO or another senior executive needs assistance with an urgent, confidential matter.

CEO fraud attacks take advantage of the urgency and authority that come from being asked by an executive, as most people tend to comply with requests made by their superiors if those requests appear legitimate. Because hackers can get away with CEO fraud attacks so quickly, the best way to defend against them is to train users to recognize these emails and respond responsibly when receiving such requests.

CEO fraud attacks typically use social engineering techniques rather than malware or malicious code, making it harder for security tools to detect them. Training may help, as well as having an effective DNS filtering system and fraud guard measures to stop these threats from entering your network.

Tessian's machine-learning-based email spoofing detection technology detects potential CEO fraud attacks by examining both the content and metadata of inbound emails, including checking for discrepancies between display names, email addresses, URLs, registration dates, and any malicious messages sent out, helping protect both employees and your business from being compromised by these types of attacks. When an employee receives a suspicious email, they should report it immediately to the operational staff so these messages are blocked in the future.

Business Email Compromise

Business Email Compromise (BEC) is an advanced phishing attack aimed at company employees. Criminals impersonate decision-makers to gain money, access systems, and steal sensitive data. They launch BEC attacks from hacked legitimate accounts or spoofed company email accounts to create legitimate-looking messages, and even employ domain spoofing techniques so that emails appear to come from actual senders.

Criminals generally begin their research by determining which employees of their target organization to impersonate. They might do this by conducting online and social media research or by targeting specific people, such as accountants or those responsible for payments within an organization. Criminals then perform extensive social engineering, gathering publicly available information about their target to build up an accurate profile and create clear email messages with authentic-looking email addresses.

Phishing involves criminals gathering personal information such as names, titles, and contact details of potential targets, along with business transaction data such as payment dates and amounts for key transactions. Once this data has been acquired, criminals use it to create convincing impersonation attempts that look legitimate, such as requests for funds that resemble any regular business transaction.

Criminals frequently make their requests appear urgent or confidential to increase their odds of success. Sometimes they even insert messages into ongoing email conversations for added authenticity and as proof that their request came from an honest person.

Once criminals gain an employee's trust, they direct them to transfer funds or assets into a compromised account and use those funds either illicitly or to blackmail target companies further for more money.

According to FBI figures, BEC scams cost US businesses an estimated $1.8 billion annually. One way businesses can protect themselves against BEC is to train employees to identify falsified or compromised business email addresses, along with any urgent or confidential requests, wire transfer instructions, and any misspellings or grammar errors that are out of character with the sender's usual writing style.

Ransomware

Ransomware is a cyberattack that targets computers to demand payment from individuals, businesses, and public institutions. Ransomware attackers typically gain entry to victims' computers through social engineering, usually by sending emails with malicious attachments, or website links disguised as email attachments, that download malware onto victims' devices when clicked.

Once malware is installed on a device, it typically encrypts all files hosted there before demanding a ransom in Bitcoin from its victim. Cyber attackers typically set low ransom prices and play on the fear of their targets, who are afraid of losing valuable information and pay up accordingly.

An effective defense against ransomware lies in proactive cybersecurity measures, including installing secure Email Gateways with targeted attack protection that scan for malware, attachments, and URLs in emails sent out. Furthermore, employee training must include awareness of phishing attacks.

Ransomware attackers may use infected devices belonging to victims to mine cryptocurrency without their knowledge, commonly referred to as "crypto mining." Such attacks have become increasingly common and have had severe financial repercussions for companies and individuals.

If your business falls victim to a ransomware attack, you should act swiftly to identify the ransomware and eradicate it from your network. Disconnect systems as soon as possible to limit further spread. Determine what has been encrypted and take steps to recover it: visit the No More Ransom Project to see if there is a free decryptor available, and restore files from backups on devices or through digital forensic analysis of the original data from before encryption.

Identity Theft

Email spoofing is used in phishing attacks and social engineering schemes to make recipients think an email came from someone they know or trust, convincing them to click malicious links, open malware attachments, or wire funds for corporate gain. Attackers use various techniques to make their spoofed emails seem more trustworthy, such as mimicking legitimate emails in terms of style and content, stressing urgency, or using other social engineering tactics. The resulting attacks range from standard phishing and spam to more advanced BEC schemes.

Email spoofing involves altering the "From" field in an email message to conceal the true identity of the sender, typically by manipulating SMTP, the protocol that routes emails, or by using simple utilities or scripts found online. Once the fabricated email has been sent out, an attacker can monitor any activity on recipient devices that comes through as a result of receiving it.

Spoof emails can effectively circumvent security countermeasures that authenticate their sources since their source cannot be verified. As block lists and spam filters cannot detect these fabricated emails, attackers may quickly spread malware or launch man-in-the-middle attacks with ease.

When inspecting an email, it's essential to carefully study its entire header to see if all information matches. If the "Received" section doesn't correspond with "From," this could indicate that something fishy is happening. Furthermore, never open any attachments or click any links without first verifying that they come from safe sources. Another way to guard against spoofed emails is by creating a secondary email account for all online activities. Some services, like Gmail, Outlook, or ProtonMail, offer free private accounts, protecting your primary account from being sold or compromised and reducing the risk of spoofed messages. When setting up this secondary email account, use a password different from those used with banking accounts or sensitive data.
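The header inspection described above, and the SPF, DKIM, and DMARC check mentioned at the start of the article, can be automated. The following is an added example, not code from the original page: the sample message is constructed, and `mx.example.com` is an assumed name for your own receiving mail server, the only source whose Authentication-Results header is trusted here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic): authentication failed and
# both the bounce address and the reply address point away from the From domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.example.com; Tue, 02 Jan 2024 09:15:00 +0000
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: jane.doe@example-payments.test
Subject: Urgent and confidential wire transfer

Please process today.
"""

def domain(value):
    """Return the lowercased domain of the address in a header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not added by `trusted`."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].split()
        if not authserv or authserv[0].lower() != trusted:
            continue  # a sender can inject its own forged header
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def spoofing_indicators(raw, trusted="mx.example.com"):
    """Return a list of human-readable reasons to distrust the message."""
    msg = message_from_string(raw)
    findings = [f"{m}={r}" for m, r in auth_results(msg, trusted).items() if r != "pass"]
    from_dom = domain(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoofing_indicators(SAMPLE)))
```

A Return-Path or Reply-To domain that differs from the From domain also occurs in legitimate bulk mail, so treat those findings as prompts for a closer look, weighted alongside the authentication verdicts.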
