Spoofing e-mails is costing billions of dollars

28 September 2019


Fake e-mails are inevitable these days. The subject line, the sender and even the content of the messages seem so real that they are becoming an increasingly serious problem. Fake businesses are becoming smarter at counterfeiting e-mails and at collecting countless e-mail addresses to spread the messages. The reason: e-mail spoofing.

What it is

The art of forging e-mail senders and counterfeiting real business content is called e-mail spoofing. It is a technique that is often used in spam and phishing practices, and it helps to hide the true identity of scammers. The best-known example is an e-mail from the bank asking for login details because a certain action must be taken. The link provided leads to a page that has been copied from the bank’s website. As soon as you enter your username and password, you hand these login details to the scammers. The image below shows a textbook example of a fake e-mail from the Australian Commonwealth bank. What is noticeable is that at first glance nothing seems wrong with the sender, but the actual e-mail address is not from the bank.

[Image: fake e-mail]

How to prevent it

Unfortunately, there is little that can be done to prevent e-mail spoofing, because e-mail addresses are available in countless places both online and offline. Some tips to reduce the chance of being spoofed are:

  • Do not place your contact details on a web page;
  • Do not subscribe to mailing lists. Although some are legitimate, others are not and might sell your details to third parties. Once your e-mail address ends up in the wrong circuit, it is very hard, sometimes impossible, to get it out;
  • Do not include your details in anything online such as posting social media updates, comments, reviews and blogs. If you must, try adding “at” and “dotcom” instead of “@” and “.com”;
  • Try to warn others about saving your contact details on their personal devices. Once a laptop gets stolen, all the addresses saved on it will be spread. Currently, that kind of information is more valuable than the laptop itself;
  • Change your password frequently, use several e-mail accounts for primary and secondary usage, and run a virus scan.

How it costs billions of dollars

One of the methods relies more on social engineering and trickery than on hacking and is known as CEO Fraud. It consists of looking up the e-mail address of a manager or board member. This can be done in several ways, such as through the company website or a simple LinkedIn profile. Then the details of a lower-level employee are looked up and a fake message is sent. The message usually conveys a sense of urgency about a payment that is due. The targets picked are usually big corporations where amounts in the thousands do not seem like much and where there is very little face-to-face contact.

“Business Email Compromise (BEC) is the most expensive problem in all of cyber-security. There is not a single other form of cyber-crime that has the same degree of scope in terms of money lost.” – Ryan Kalember

Another form of misdirection is Monday Morning, where scammers rely on the social jetlag of employees, who are then fooled more easily. Fake Forward is a method where scammers add “Re:” or “Fwd:” to make a message look like it is part of a previous conversation. Sometimes a whole e-mail history is set up to gain trust.

Ultimately, every form of fake e-mailing counts on the fact that employees are expected to work fast and efficiently, which sometimes keeps them from taking a step back and looking things through.
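Two of the signs described above can be checked mechanically from the message headers: a trusted display name on an unrelated address, and a “Re:”/“Fwd:” subject with no earlier thread behind it. The Python code below is an added example, not part of the original post; the brand allow-list, the domains and the sample messages are constructed assumptions.

```python
"""Header checks for display-name spoofing and the Fake Forward trick."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand name -> domains allowed to send under it (constructed values).
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}
REPLY_PREFIX = re.compile(r"^\s*(re|fwd?)\s*:", re.IGNORECASE)


def check_message(raw: str) -> list:
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()

    # The display name claims a brand, but the address sits on another domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not any(
            domain == d or domain.endswith("." + d) for d in allowed
        ):
            findings.append("display-name-mismatch")

    # "Re:"/"Fwd:" subject without the headers a genuine reply carries.
    # Heuristic only: some mail clients omit these headers on forwards,
    # so treat the finding as a signal for review, not as a verdict.
    if REPLY_PREFIX.match(msg.get("Subject", "")) and not (
        msg.get("In-Reply-To") or msg.get("References")
    ):
        findings.append("reply-prefix-without-thread")
    return findings


# Constructed sample messages (not taken from real mail).
SAMPLES = {
    "spoofed-bank": "From: Example Bank <alerts@secure-login.example>\n"
                    "Subject: Action required\n\nPlease log in.\n",
    "fake-forward": "From: Jane Doe <jane@corp.example>\n"
                    "Subject: Fwd: Re: Overdue invoice\n\nPay today.\n",
    "genuine-reply": "From: Example Bank <help@mail.examplebank.example>\n"
                     "Subject: Re: Your question\n"
                     "In-Reply-To: <abc123@corp.example>\n\nHello.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

Neither check proves a message is fake or genuine; they surface messages that deserve the step back that the paragraph above asks for.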

Sources

Combell Support. (2019). ‘What is email spoofing? How can I prevent mailspoofing with my domain name?’. https://support.combell.com/en/what-is-email-spoofing-how-can-i-prevent-mailspoofing-wi-my-domain-name/507 (Accessed on 09/28/2019).

Hover, E. (2019). ‘Am I being spoofed or has my email been compromised?’. https://help.hover.com/hc/en-us/articles/217282017-Am-I-being-spoofed-or-has-my-email-been-compromised- (Accessed on 09/28/2019).

Tidy, J. (2019). ‘The email trickery costing businesses billions’. BBC News. https://www.bbc.com/news/technology-49857948 (Accessed on 09/28/2019).

 
