Email Spoofing Protections
Although email spoofing is a prevalent, persistent threat, there are several ways to protect yourself or your organization from it.
Technical precautions
There are a few technical precautions you can take to make it harder for email spoofing tools to abuse your domain. For example, if you send emails from a subdomain, your mail can be harder to spoof: use @help.yourcompany.com instead of @yourcompany.com.
You can also have your IT team update your Domain Name System (DNS) records by adding a Sender Policy Framework (SPF) record and two mail exchanger (MX) records. These records allow a verified third party to send emails on behalf of your domain. Once they are set up, the mail server routes the third party's messages to the custom domain.
1. Use anti-malware software
Anti-malware software can prevent email spoofing by identifying and blocking suspicious websites and by detecting spoofing attacks. Once the software has identified a suspicious sender or email, it can stop the email from ever reaching your inbox. Even though spoofed emails cannot be stopped at the source, anti-malware software can work like a force field to protect your system from them.
2. Use email signing certificates to protect outgoing emails
An email signing certificate gives you the ability to encrypt emails so that only the intended recipient can access the content within the message. You can also apply a digital signature so that the person receiving the message can make sure the email was sent by you, as opposed to someone spoofing your email address.
Email encryption certificates use asymmetric encryption: the sender encrypts the email with the recipient's public key, and only the recipient's private key can decrypt it. In this way, both the message and any included attachments can be sent and received securely.
3. Conduct reverse IP lookups to verify the real sender
With a reverse IP lookup, you can tell whether the apparent sender is the real one, as well as where the email actually came from. You can use an online reverse lookup tool to identify the domain name associated with the sending IP address. This is, in effect, an email spoofing test. If the IP address does not belong to the domain the email supposedly came from, you have just identified an email spoofing attack.
4. Audit email accounts to see how they respond to SPF and DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) enables email senders and receivers to figure out whether a message is from a legitimate sender, as well as how to treat the email if it is not. DMARC, essentially, checks the credentials of an email.
Part of the DMARC process involves the Sender Policy Framework (SPF), which is used to authenticate the message being sent. If the message fails either the SPF check or SPF alignment, it will fail the DMARC process and be rejected.
DMARC also uses the DomainKeys Identified Mail (DKIM) method for message authentication. If the message being sent fails either the DKIM check or DKIM alignment, it will, similarly, fail DMARC and be rejected.
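The following is an added example, not code from the original article: a minimal DMARC evaluator that shows how the SPF and DKIM results, their alignment with the visible From: domain, and the published policy (including the subdomain policy relevant to the @help.yourcompany.com advice above) combine into a verdict. The DMARC record, domains and authentication results are constructed sample inputs, and the organizational-domain helper is a simplified stand-in for the Public Suffix List that real implementations use.

```python
# Added example: simplified DMARC evaluation (constructed inputs, not a real deployment).

def org_domain(domain):
    """Approximate organizational domain: last two labels (mail.example.com -> example.com).
    Real DMARC uses the Public Suffix List, so multi-label suffixes like .co.uk are not handled."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; aspf=s' into a lowercase tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    auth, frm = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)

def dmarc_disposition(from_domain, record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass' or the policy action ('none', 'quarantine', 'reject').
    from_domain: visible From: header domain; spf_domain: envelope (MAIL FROM) domain
    SPF checked; dkim_domain: d= domain of a DKIM signature that verified."""
    tags = parse_dmarc(record)
    if tags.get("v") != "dmarc1":
        return "none"  # no usable DMARC policy published
    # DMARC passes when at least one authenticated identifier aligns with From:
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # The 'sp' tag, when present, governs mail whose From: is a subdomain of the org domain
    is_subdomain = from_domain.lower().rstrip(".") != org_domain(from_domain)
    policy = tags["sp"] if is_subdomain and "sp" in tags else tags.get("p", "none")
    return policy if policy in ("none", "quarantine", "reject") else "none"

# Constructed sample record: strict DKIM alignment, relaxed SPF alignment, subdomain policy.
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"

def demo():
    # A provider sends on the domain's behalf: SPF passes for the provider's bounce domain
    # (not aligned), but the message carries the domain's own DKIM signature (aligned).
    return dmarc_disposition("example.com", RECORD,
                             "pass", "bounce.provider.net",
                             "pass", "example.com")
```

A message claiming to be From: example.com that only passes SPF for an unrelated domain gets the published `p=reject` action, while an unauthenticated message from help.example.com gets the `sp=quarantine` action.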
Other precautions
In addition to software-based anti-spoofing measures, there are other steps you can take to protect your organization from email and domain spoofing attacks. In some cases, you just have to keep an eye out for things that raise suspicion. In other situations, some basic education can be used to empower team members to protect themselves.
1. Provide cyber awareness training for your employees to help them identify threats
To an unsuspecting employee, a fake email may look legitimate. Often, this is because the employee has never been exposed to email spoofing before. In other cases, although the employee has seen email spoofing in the past, a novel form of spoofing may slip their notice. To combat this, you can initiate educational programs designed to equip employees with the ability to spot and handle modern email spoofing tactics.
To achieve the best results, the training should be ongoing. You can periodically update the training materials and teaching methods to reflect new developments in the email spoofing arena. The training should also include what to do when a spoofing attempt is discovered.
2. Watch for unknown, odd, or spoofed email addresses
Often, the email addresses you see in the messages you receive are either predictable or familiar. Watch out for unknown or strange email addresses. If you get an email from an address that raises suspicion, verify its origin before interacting with the content. Once you have identified a spoofed email address, stay on the lookout for it in the future. Attackers will try using the same tactics more than once, which can make previously spoofed addresses easier to pick out.