Email Spoofing Risks on the Rise

Threats and damages from email are spiking. Over the last 60 days, we've seen an increase of over 25% in the rate of new "email spoofing" cases. Some of these cases incurred losses well over $100,000 each. 

Unlike ransomware and other phishing emails, cybersecurity products cannot prevent loss from "spoofing" a receiver's inbox. With spoofing, protection relies entirely on the recipient of the email - the person using their inbox. Only an informed and aware recipient of the email can prevent damages from most email attacks today, and hackers are increasingly betting you aren't one of them. 

Which is why:

Over 90% of all cybercrime starts at the inbox and most damages are due to the recipient's own actions.

Email Spoofing

The goal of email spoofing is to make the receiver of an email believe the sender (the perpetrator) is someone else -  a known and trusted party being the source of the email. Then, assuming the recipient perceives the contents in the email body as credible, unwittingly takes action that furthers the criminal ploy.

Understanding email domains and spoofing requires abstract thinking, and sufficient explanation is beyond this letter's scope. I'll include more resources at the bottom, but the following is less about how email spoofing works, and more about how to protect yourself from being a victim.

There are a few versions of email spoofing. The variations we see most in the field are:

• Look-alike Domain Spoofing
• Display Name Spoofing

These two strains make up over 96% of all email spoofing attacks and are the versions I'll address here.

Look-alike Domain Spoofing

An early version of email spoofing is the "look-alike domain." You've likely seen one of these before; the sender's email address shows a domain name very similar to the one you know and trust. But, it's just slightly off, with a character reversed or other illusion to trick the recipient. 

A simple example of Look-alike Domain Spoofing:

ilovepizza.com is spoofed with a look-alike domain: llovepizza.com

I have no idea if the above websites are legitimate - I just wanted to use an example and this is what first came to mind. Maybe I should break for lunch!

Here is an important point; don't be too confident you're sharp eye will always notice a look-alike domain spoof. Criminal email phishers and spoofers are at the cutting edge of social engineering and behavioral  manipulation.

Always remember, the hacker has to fool you just once. You, on the other hand, have to successfully protect every time.

Earlier this year, a charity lost $1 million to a look-alike domain email spoof.

Display Name Spoofing

On the rise recently is a more sophisticated version of email spoofing known as "Display Name Spoofing." 

With the Display Name Spoofing approach, for the recipient at the inbox, it appears the domain name is accurate, the sender's email address is correct, and everything, including the content of the email, matches expectations. 

The screenshot below is an example of Display Name Spoofing from my inbox.

The email from the image above arrived in my inbox and appeared to be from myself.

Clicking the display name field, which is showing my name, opens the dropdown list to identify the sender's email address. In a Display Name Spoof, the sender's actual address is masked and replaced with an address the recipient knows and trusts.

In this case above, the hacker wanted me to believe he hacked my account and the email was coming from my own email box.

Click here to see the entire spoofed email, including the hacker's instructions for paying  the extortion demand to his BitCoin account.

I believe Display Name Spoofing is fast becoming the most insidious and potentially damaging email-related risk today.

How to Protect from Spoofing

With stolen personal information and a little research, a hacker using the Display Name Spoof can engineer and customize an email attack that can fool anyone.

In the video below, I use real-world examples including from my own inbox, and explain how to avoid being a victim of email spoofing using your TDS webmail email tool.

TDS Private Email Customers - your webmail includes a tool for helping you identify suspicious emails, including spoofed emails. 

What is TDS Doing to Prevent Spoofing? 

Total Digital Security finds the best IT security technology available to protect individuals and personal technology. We make enterprise-grade cybersecurity systems accessible, affordable, and simple to use for anyone. 

Innovation in IT security is on fire. Fueled by fresh capital and powerful advances like AI, machine learning, and cloud-based Security Operations Centers. Cybersecurity technology is advancing to help email users determine the legitimacy of messages in their inbox.

Here are the specifics:

SPF - Sender Policy Framework - is an email authentication method designed to detect forging sender addresses during the delivery of the email. https://en.wikipedia.org/wiki/Sender_Policy_Framework

DKIM - DomainKeys Identified Mail - an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.  https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

DMARC - Domain-based Message Authentication, Reporting and Conformance - is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

Total Digital Security incorporates the protection listed above into the Private Email domains we host for our clients.

Stay Engaged

While we will always continue to enhance protection with technological advancements, all the best cybersecurity products in the world cannot replace an informed and engaged user.  

Stay engaged with your technology, cybersecurity products, our resources, and our people to maximize your security and process of digital transformation. Please contact us if you have any questions. 

Thanks for reading,

Brad Deflin