Hackers: Spoofing emails4.10.2019
It goes without saying that email is a fundamental platform for business communication. As we immerse ourselves in more technology, we have adapted to the virtual world and have embraced it as a method to communicate.
Most of us are guilty of sending emails internally, in situations where you could speak on the phone, or face to face.
‘Spoofing’ is a form of hacking, where a hacker imitates an email address and pretends to be that trusted person or business. Would you second guess an email that has been sent to you from your colleague?
Traditionally, hackers have targeted senior members of organisations, like directors and non-executives. They send emails from the victim’s email address to people within the organisation, asking for money to be sent to specific bank details. These attacks are rewarding for hackers because huge sums of money can be transferred without question, leaving the poor employee left to explain them self and the company in financial turmoil.
More increasingly so, lower level employees are being targeted, with their emails being spoofed to send emails such as requesting for their wages to be sent to different bank details. This is a less rewarding tactic, but works on a much larger scale and is less likely to be questioned.
Hackers have also become aware of when employees are less likely to second guess emails. They focus on sending the emails on Monday mornings when people are working through a backlog of emails. This makes them less alert to anything suspicious and therefore play into the hacker’s hands.
How to protect your business
- Make your team aware – it’s important that your employees know what to look out for
- Look out for spelling and grammar mistakes, or a different tone from usual in emails
- Call the colleague who emailed, confirming that the email was definitely from them, whether it is asking for money, or has an attachment you weren’t expecting
- If there’s a sense of urgency within the tone of the email that feels unnecessary, double check with the sender
- Try not to post email addresses online; if you have to, replace elements of it so they can’t be easily harvested, such as replacing the ‘@’ symbol with ‘at’ and ‘.’ with ‘dot’