Phishing is one of the biggest threats to online security. No matter how technology evolves, phishing continues to be the most popular delivery method for all types of scams, from credential theft to ransomware infections.
In 2019, 84% of small and medium-sized businesses were targeted with phishing attacks. Many of those attacks spoofed another company’s email address, making the recipient think the scam email came from a legitimate source.
Email spoofing is an email security issue that often flies under the radar. Most business email security looks inbound: scanning file attachments for malware and viruses, filtering spam, and keeping phishing out of users' inboxes. Far fewer businesses check whether anyone on the internet can send mail that appears to come from their own domain.
Companies that fall prey to phishing can pay a high price, but there is a second victim: the company whose email domain was spoofed to deliver the attack.
What is email spoofing?
Email spoofing is forging the sender address in an email's headers so that the message appears to come from an address the sender does not control. SMTP, the protocol that carries mail between servers, does not verify the From: address on its own, so a forged one is accepted unless the receiving server performs additional checks. The purpose is to dupe the recipient into believing the email is from someone else.
In a phishing attack, the perpetrator impersonates a trusted company, or a company the target firm does business with. This increases the chance that the recipient will take the desired action: clicking a malicious link or opening a dangerous file attachment.
For example, a spoofer can use the email address of a company's accounting department or CEO to make a customer believe that a request for wire information is legitimate.
What’s the cost of email spoofing?
Companies can suffer monetary losses in a number of ways when a criminal spoofs their email domain to send phishing, including:
- Loss of customer trust
- Loss of business relationships and potential repeat sales
- Potential lawsuits from scammed clients (even though it wasn’t your fault)
- Possible blacklisting of your domain by email providers
In one case of email spoofing, Business Insider had their domain spoofed by someone who sold fake online ads to their clients. One client purchased $40,000 in ad inventory from the scammer (thinking it was the company).
How to Protect Your Business from Email Spoofing
You do have ways to defend against having your domain spoofed and to protect the integrity of your email addresses. Three complementary standards, each published as a DNS record for your domain, let receiving mail servers verify mail that claims to come from you.
Each plays a different part in proving to an internet service provider, mail service, or mail server that the sender is authorized to send email on behalf of the domain.
Following is an overview of each and how they help protect your company from email spoofing.
SPF (Sender Policy Framework)
SPF is a DNS TXT record in which a domain owner lists the IP addresses and servers allowed to send mail for that domain. The receiving server compares the connecting IP against the record for the domain in the SMTP envelope sender (the MAIL FROM address, later visible as Return-Path). That is not necessarily the From: address the recipient sees; tying the check to the visible From: address is DMARC's job.
If a phishing scammer uses your company's domain as the envelope sender but their IP address isn't among the ones you listed when you set up SPF, the check fails (a hard fail with "-all", a softfail with "~all") and the receiving server can reject or quarantine the message. A scammer who puts their own domain in the envelope and your domain only in the From: header will pass SPF, which is why SPF alone does not stop spoofing.
SPF is more powerful when used along with DKIM and DMARC.
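As an added example (not code from the original post or from Unbound Digital), here is a small SPF evaluator in Go that shows what a receiving server does with the record: it looks up the record for the envelope-sender domain, walks the mechanisms in order and returns the RFC 7208 result. The records for example.com and mail-provider.example are constructed for the example, and only the ip4, ip6, include and all terms are implemented; the a, mx, exists and redirect terms need live DNS and are reported as permerror here.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed SPF records for this example (not real DNS data). A receiver
// would fetch these as the TXT record at the apex of each domain.
var txtRecords = map[string]string{
	"example.com":           "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:mail-provider.example -all",
	"mail-provider.example": "v=spf1 ip4:198.51.100.10 ~all",
}

// qualifierResult maps an SPF qualifier to the result it produces on a match.
var qualifierResult = map[string]string{"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

// cidrMatch reports whether ip falls within spec, a bare address or a CIDR block.
func cidrMatch(spec string, ip net.IP) bool {
	if !strings.Contains(spec, "/") {
		return ip.Equal(net.ParseIP(spec))
	}
	_, network, err := net.ParseCIDR(spec)
	return err == nil && network.Contains(ip)
}

// evaluateSPF checks the connecting IP against the record of the domain in the
// SMTP envelope sender (MAIL FROM). Results follow RFC 7208: pass, fail, softfail,
// neutral, none, permerror. Only ip4/ip6/include/all are implemented; the a, mx,
// exists and redirect terms need live DNS and come back as permerror here.
func evaluateSPF(domain string, ip net.IP, depth int) string {
	if depth > 10 { // RFC 7208 caps DNS-querying terms at 10 per check
		return "permerror"
	}
	fields := strings.Fields(txtRecords[strings.ToLower(domain)])
	if len(fields) == 0 || fields[0] != "v=spf1" {
		return "none" // no SPF record published for this domain
	}
	for _, term := range fields[1:] {
		qualifier := "+"
		if strings.ContainsAny(term[:1], "+-~?") {
			qualifier, term = term[:1], term[1:]
		}
		matched := false
		switch {
		case term == "all":
			matched = true
		case strings.HasPrefix(term, "ip4:") || strings.HasPrefix(term, "ip6:"):
			matched = cidrMatch(term[4:], ip)
		case strings.HasPrefix(term, "include:"):
			// include: matches only when the referenced domain's own check passes;
			// its fail/softfail does not propagate, so the outer record decides.
			matched = evaluateSPF(term[len("include:"):], ip, depth+1) == "pass"
		default:
			return "permerror"
		}
		if matched {
			return qualifierResult[qualifier]
		}
	}
	return "neutral" // no term matched and no "all" present
}

func main() {
	for _, ip := range []string{"203.0.113.5", "198.51.100.10", "198.51.100.11", "2001:db8:1::7"} {
		fmt.Printf("%-16s -> %s\n", ip, evaluateSPF("example.com", net.ParseIP(ip), 0))
	}
}
```

Note what the "-all" at the end of the example.com record does: 198.51.100.11 is close to the provider's address but not listed anywhere, so it gets a hard fail, while the provider's own "~all" only produces a softfail for mail that goes through its record.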
DKIM (DomainKeys Identified Mail)
DKIM is another authentication method that tells the recipient's mail server the message is legitimate, but it goes a step further than SPF.
DKIM attaches a digital signature to each outgoing message in a DKIM-Signature header. The signature covers selected headers (such as From:, To: and Subject:) plus a hash of the message body, so the recipient's mail server can detect whether those parts were altered after the message was signed.
What DKIM uses that SPF doesn't is public-key cryptography (RSA or Ed25519 signatures). The sending server signs with a private key it keeps secret, and the matching public key is published in DNS at <selector>._domainkey.<domain>, where any receiver can fetch it to verify the signature. A valid signature proves the message was signed on behalf of the domain in the d= tag and has not been altered; like SPF, it does not by itself confirm that this domain matches the From: address the user sees.
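The signing and verification steps, as an added example in Go (not the page's own code): it signs a constructed message with Ed25519 (the ed25519-sha256 algorithm of RFC 8463, chosen because Go's standard library provides it; RSA-SHA256 is the more common choice in deployments) using the "simple" canonicalization of RFC 6376, then verifies it and shows a body change failing the body-hash check. The domain example.com, selector sel2024 and the message are constructed, and the public key is handed to the verifier directly instead of being fetched from sel2024._domainkey.example.com.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// A message reduced to what DKIM covers: header name -> value, plus the body.
type message struct {
	headers map[string]string
	body    string
}

// canonicalBody is the "simple" body canonicalization of RFC 6376: trailing
// empty lines are dropped and the body ends with exactly one CRLF.
func canonicalBody(body string) string {
	body = strings.TrimRight(strings.ReplaceAll(body, "\r\n", "\n"), "\n") + "\n"
	return strings.ReplaceAll(body, "\n", "\r\n")
}

// signedData is what the signature covers: each header named in h= as
// "Name: value" CRLF, then the DKIM-Signature header itself with an empty b=
// value and no trailing CRLF ("simple" header canonicalization).
func signedData(m message, signedHeaders []string, dkimValue string) []byte {
	var b strings.Builder
	for _, name := range signedHeaders {
		if v, ok := m.headers[name]; ok {
			b.WriteString(name + ": " + v + "\r\n")
		}
	}
	b.WriteString("DKIM-Signature: " + dkimValue)
	return []byte(b.String())
}

// parseTags splits "k=v; k2=v2" into a map (base64 values keep their padding).
func parseTags(value string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(value, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	return tags
}

// dkimSign returns the value of the DKIM-Signature header the sender adds.
// Algorithm ed25519-sha256 (RFC 8463): Ed25519 over the SHA-256 digest of the data.
func dkimSign(m message, domain, selector string, signedHeaders []string, priv ed25519.PrivateKey) string {
	bh := sha256.Sum256([]byte(canonicalBody(m.body)))
	value := fmt.Sprintf("v=1; a=ed25519-sha256; c=simple/simple; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(signedHeaders, ":"), base64.StdEncoding.EncodeToString(bh[:]))
	digest := sha256.Sum256(signedData(m, signedHeaders, value))
	return value + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
}

// dkimVerify recomputes the body hash and checks the signature. A real receiver
// fetches pub from the DNS TXT record <selector>._domainkey.<domain> named by the
// s= and d= tags; here the key is passed in so the example runs offline.
func dkimVerify(m message, pub ed25519.PublicKey) (bool, string) {
	sigValue, ok := m.headers["DKIM-Signature"]
	if !ok {
		return false, "no DKIM-Signature header"
	}
	tags := parseTags(sigValue)
	bh := sha256.Sum256([]byte(canonicalBody(m.body)))
	if base64.StdEncoding.EncodeToString(bh[:]) != tags["bh"] {
		return false, "body hash mismatch: body was altered"
	}
	// A malformed b= decodes to garbage, which simply fails Verify below.
	sig, _ := base64.StdEncoding.DecodeString(tags["b"])
	// Rebuild the header value as it was when signed: everything up to and including "b=".
	idx := strings.LastIndex(sigValue, "; b=")
	if idx < 0 {
		return false, "malformed DKIM-Signature header"
	}
	digest := sha256.Sum256(signedData(m, strings.Split(tags["h"], ":"), sigValue[:idx+len("; b=")]))
	if !ed25519.Verify(pub, digest[:], sig) {
		return false, "signature invalid: a signed header was altered or the key does not match"
	}
	return true, "pass (d=" + tags["d"] + ")"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg := message{headers: map[string]string{"From": "ap@example.com", "To": "customer@example.org",
		"Subject": "Invoice 1042"}, body: "Pay to the account on the invoice.\r\n"}
	msg.headers["DKIM-Signature"] = dkimSign(msg, "example.com", "sel2024", []string{"From", "To", "Subject"}, priv)
	fmt.Println(dkimVerify(msg, pub))
	msg.body = "Pay to this NEW account instead.\r\n" // altered in transit
	fmt.Println(dkimVerify(msg, pub))
}
```

The h= list is the practical detail to get right: a header that is not listed there (Reply-To, for instance) can be added or changed without invalidating the signature, so production signers include every header an attacker would want to alter.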
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC builds on SPF and DKIM. A DMARC record, published as a TXT record at _dmarc.<your-domain>, tells the recipient's mail server to check not only whether SPF or DKIM passed, but whether the domain that passed aligns with the domain in the From: header the recipient sees. That alignment requirement closes the gap SPF and DKIM leave on their own.
The record also states what the receiving server should do with a message that fails: p=none (deliver, but report), p=quarantine (send to spam), or p=reject. And it names addresses (the rua and ruf tags) to which receivers send aggregate and failure reports about mail using your domain, whether it passed or failed.
Those reports go to the domain owner, so they tip you off when someone is spoofing your domain. They also show which legitimate senders (marketing platforms, ticketing systems) you forgot to authorize, which you want to fix before moving from p=none to p=reject.
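The alignment and policy logic, as an added Go example (not code from the page): it parses a constructed DMARC record for the From: domain, checks whether the SPF-authenticated (MAIL FROM) domain or the DKIM d= domain aligns with it under the strict or relaxed mode the record asks for, and returns the result and disposition. The records for example.com and example.org are constructed, the organizational-domain computation is a two-label shortcut in place of the Public Suffix List, and the pct and sp tags are not modelled.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed DMARC records for this example (not real DNS data), keyed by the
// name a receiver queries: "_dmarc." followed by the RFC5322.From domain.
var dmarcRecords = map[string]string{
	"_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com",
	"_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:postmaster@example.org",
}

// AuthResult is the outcome of the receiver's own SPF or DKIM check together with
// the domain that check authenticated: the MAIL FROM domain for SPF, d= for DKIM.
type AuthResult struct {
	Result string // "pass", "fail", "softfail", "none", ...
	Domain string
}

// parseTags splits "k=v; k2=v2" into a map.
func parseTags(record string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(record, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	return tags
}

// orgDomain approximates the organizational domain as the last two labels. Real
// receivers consult the Public Suffix List so that mail.example.co.uk maps to
// example.co.uk; this shortcut is an assumption made to keep the example offline.
func orgDomain(d string) string {
	labels := strings.Split(strings.ToLower(d), ".")
	if len(labels) > 2 {
		labels = labels[len(labels)-2:]
	}
	return strings.Join(labels, ".")
}

// aligned reports whether the authenticated domain aligns with the From domain:
// mode "s" (strict) needs an exact match, "r" (relaxed) the same organizational domain.
func aligned(authDomain, fromDomain, mode string) bool {
	if mode == "s" {
		return strings.EqualFold(authDomain, fromDomain)
	}
	return orgDomain(authDomain) == orgDomain(fromDomain)
}

// evaluateDMARC returns the DMARC result ("pass", "fail", or "none" when no policy is
// published) and the disposition the domain owner asked for ("none", "quarantine", "reject").
func evaluateDMARC(fromDomain string, spf, dkim AuthResult) (result, disposition string) {
	tags := parseTags(dmarcRecords["_dmarc."+strings.ToLower(fromDomain)])
	if tags["v"] != "DMARC1" {
		return "none", "none" // no policy: the receiver falls back to its own filtering
	}
	aspf, adkim, policy := tags["aspf"], tags["adkim"], tags["p"]
	if aspf == "" {
		aspf = "r" // RFC 7489 default: relaxed alignment
	}
	if adkim == "" {
		adkim = "r"
	}
	if policy == "" {
		policy = "none"
	}
	// DMARC passes if either mechanism passed AND its domain aligns with the From domain.
	spfOK := spf.Result == "pass" && aligned(spf.Domain, fromDomain, aspf)
	dkimOK := dkim.Result == "pass" && aligned(dkim.Domain, fromDomain, adkim)
	if spfOK || dkimOK {
		return "pass", "none"
	}
	return "fail", policy
}

func main() {
	// Legitimate mail: bounces go to a subdomain, relaxed SPF alignment accepts it.
	fmt.Println(evaluateDMARC("example.com", AuthResult{"pass", "bounces.example.com"}, AuthResult{"none", ""}))
	// Spoof: the attacker's own domain passes SPF, but it does not align with From.
	fmt.Println(evaluateDMARC("example.com", AuthResult{"pass", "attacker.example"}, AuthResult{"none", ""}))
	// DKIM signed by a subdomain, but adkim=s demands an exact match.
	fmt.Println(evaluateDMARC("example.com", AuthResult{"fail", "example.com"}, AuthResult{"pass", "mail.example.com"}))
}
```

The second case in main is the one the article's SPF and DKIM sections cannot catch on their own: the attacker's mail is fully authenticated for attacker.example, and only the alignment check against the From: domain turns that into a reject.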
Why Are All Three Email Authentications Important?
Each of the three answers a different question for the receiving mail server or ISP: SPF, whether the sending server is allowed to send for the domain; DKIM, whether the message was signed on behalf of the domain and arrived unaltered; DMARC, whether those results line up with the From: address the recipient sees, and what to do with the message if they don't.
Email spoofing can damage a company’s reputation and cause monetary losses for victims, who could be their clients, vendors, or employees.
In today’s digital world, online threats are one of the biggest risks that companies face. Using the SPF/DKIM/DMARC authentications can help you improve email security and mitigate a significant online threat.
Protect Your Business Email with Anti-Spoofing Tools
Unbound Digital can help you put email authentication in place to protect your business reputation and prevent your domain being used in phishing attacks.
Contact us today to schedule a free email security consultation. Call 423-335-2461 or reach us online.