Have you ever seen a strange email from a friend—or worse, from people within your own company? Have you ever been unsure if an attachment is really what it says it is? If so, continue reading below to find out what this actually is and how to protect yourself from it.
If you've seen an email that looks like it's from a friend, it doesn't necessarily mean that they have been hacked. A spoofed email is one in which the sender purposely alters parts of the message to make it appear as though it was authored by someone else. Commonly, the sender’s name/address and the body of the message are formatted to appear to come from a legitimate source, as though the email came from a bank, a newspaper, or a legitimate company on the Web. Sometimes, the “spoofer” will make the email appear to come from a private citizen somewhere.
The tools necessary to spoof email addresses are surprisingly easy to get. All you need is a working SMTP server (aka, a server that can send email), and the right mailing software.
What You Can Do to Protect Yourself
So, if you're looking to protect your inboxes from messages like this, there are a couple of things you can do:
- Turn up your spam filters and use tools like Priority Inbox. Setting your spam filters a little stronger may—depending on your mail provider—make the difference between a message that fails its SPF check landing in spam versus your inbox. If an important person is spoofed, you'll still get it, though.
- Pay attention to details. When a suspicious email comes in, you'll be able to open the headers, look at the IP address of the sender, and see if it matches up with previous emails from the same person. You can even do a reverse lookup on the sender's IP to see where it is—which may or may not be informative, but if you get an email from your friend across town that originated in Russia (and they're not traveling), you know something's up. If you are unsure how to do this, contact Reis for assistance.
- Never click unfamiliar links or download unfamiliar attachments. This may seem like a no-brainer, but all it takes to expose the entire corporate network is one employee who sees a message that appears to come from their boss or someone else in the company and opens an attachment or clicks a funny link. Many of us think we're above being tricked that way, but it happens all the time. Pay attention to the messages you get, don't click links in email (go to your bank's, cable company's, or other provider's website directly and log in to find what they want you to see), and don't download email attachments you're not explicitly expecting. Keep your computer's antimalware up to date.
- Be very suspicious of emails from familiar people asking you to wire transfer money to some account. Double check with the sender if they really are asking for a wire transfer.
- Also be very suspicious of invoices from random companies. These are generally sent to your bookkeeper or accounting staff with a demand to pay.
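The header checks described under "Pay attention to details" can be scripted. The following is an added example, not part of the original article: it reads a constructed sample message and reports a failed SPF result, a From/Return-Path domain mismatch, and an origin IP not seen in earlier mail. The function names and the known_ips set are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message (not a real email); IPs are documentation ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from unknown (unknown [203.0.113.77])
\tby mx.example.org with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "Your Friend" <friend@example.com>
To: you@example.org
Subject: Quick favor

Can you wire the money today?
"""

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def origin_ip(msg):
    """Bracketed IP from the oldest Received header. The sending side can
    forge the lower headers, so treat this as a hint, not proof."""
    for received in reversed(msg.get_all("Received", [])):
        for candidate in re.findall(r"\[([0-9a-fA-F:.]+)\]", received):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return None

def check_message(raw, known_ips):
    """Return the reasons this message deserves a closer look."""
    msg = email.message_from_string(raw)
    reasons = []
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if path_dom and path_dom != from_dom:  # also common for bulk-mail services
        reasons.append(f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if spf and spf.group(1).lower() != "pass":
        reasons.append(f"SPF result is {spf.group(1).lower()}")
    ip = origin_ip(msg)
    if ip and ip not in known_ips:
        reasons.append(f"origin IP {ip} not seen in earlier mail from this sender")
    return reasons
```

Pass the raw message source (the "show original" or "view source" text from your mail client) as the first argument and the set of IPs collected from earlier mail you trust as the second.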
Reis just wanted to notify all of our clients about one of the current internet scams to help keep everyone safe and aware. If you put a prevention plan in place for yourself and your company, it will help prevent things like this from happening. If you are ever unsure about something you have been contacted about, either contact the person directly via phone to confirm it is in fact them or contact Reis and we can investigate the issue further.
We have also created an infographic to help your company stay protected and aware of spoofing. Download the infographic and place it in your office so that everyone knows what to do when receiving a strange email.