Call your nearest office

Or ask us a question

Search our site

What are you looking for?

Contact us on 0845 504 8989

share

Over the last few weeks we have heard about numerous cases of email spoofing within businesses.

But what is email spoofing?

In simple terms email spoofing is the creation and sending of emails that look like they are being sent by a genuine person. These can vary in sophistication from the very obviously spoofed, through to those that are very intricately constructed.

Within our own group we have seen some examples of the more intricate ones where the email spoofing has produced a near replica of the employees signature block including links and social media references. Due to our security policies and software we have managed to deal with these without issue but what happens if someone does make a mistake and responds to one?

What are the looking for?

As with all scams of this type the general end game of the email spoofing is to glean sensitive information and ultimately cash from your business. The most recent email we have seen purports to be from a senior member of staff asking for a bank transfer to a new supplier. The details of the supplier and bank account are obviously fake and it would be a simple mistake for a member of staff to make the payment. Luckily we had worked with the client to educate users on email spoofing and the member of staff noticed some oddities in the Director’s signature.

What can you do? Improve internal processes

The first thing any business can do is make sure the internal procedures for payments is tightened up and make sure there is a process for a secondary person to oversee any payments. This will help identify (hopefully) any strange requests that maybe made for client and supplier payments.

Make sure the Senior Management team and Directors follow a set routine for arranging payments to clients and suppliers. Make sure no single person can make a request for payment without it being signed off by someone else.

What can you do from an IT perspective?

Here are a few things you can apply to your messaging systems to help reduce spoofing:

Add SPF records – checks the IP address of the sender to make sure it is who it states it is from

DKIM – uses a public and private key to sign a message

DMARC – allows an organisation to publish rules on what to do with emails that fail SPF/DKIM policy checks

Email Tagging – Tag all emails that arrive from an external email system to ensure employees are aware that emails are coming from an external source

 

If you have any questions or queries regarding email spoofing please get in touch.

 

To find out more, please call us on 0845 504 8989, or complete our contact form.

Be the first to comment

Our Partners

Companies we work with closely Find out more about our partners

Vacancies

IT Consultant

HW Technology are currently recruiting to expand our IT Support Team (full ...

See vacancy

Meet your team

To read more about us and view our profiles click below.

Meet your team

About Us

At HW Technology, we're proud of our history, values and clients. Why not find out more about us.

About HW Technology

Contact Us

If you'd like to get in touch with HW Technology simply use our contact form using the link below.

Contact HW Technology

Get in touch

Whatever issue or question you have, we’ve got the answer. If you want to get in touch then please complete our form.

HW Technology Chorley

Balmoral House,
Ackhurst Park,
Chorley,
PR7 1NY

HW Technology Exeter

3 Southernhay West,
Exeter,
EX1 1JG

 

Our addresses

HW Technology Chorley

Balmoral House,
Ackhurst Park,
Chorley,
PR7 1NY

Tel: 0845 504 8989

HW Technology Exeter

3 Southernhay West,
Exeter,
EX1 1JG

 

Tel: 0845 504 8989

Ask us a question!