It may not surprise you but not all the emails we receive in our professional and personal life are actually from who they say they are. Many are from criminals seeking to carry our fraud at your expense.
It is relatively easy for a fraudster to change the sender display name in an email to reflect someone you trust in your organisation. A glance at the email sender may convince you it is valid, but on closer inspection, you will see that the email address is completely different from the display name.
For those of us that use Outlook and Office 365, Microsoft have added functionality to Exchange on-line that highlights if an e-mail comes from outside your organisation. This needs to be turned on by your IT team to provide a message similar to below so you are aware the email is external.
The fraudsters can even spoof your own domain name, so your IT team need to set your email gateway to block incoming email that comes from your domain.
Sometimes the email account of a trusted contact may have been compromised, with the fraudster sending email from a valid email account. This happens on a frequent basis where the email system is not protected by MFA and the password is breached. What can you do here? Ask yourself:
If the fraudster convinces you an email is valid, how do they get you to act and what can happen if you click that link?
They are experts at implementing a sense of urgency or making you think something bad will happen if you do not act. You may also think you are missing out on a great deal. If you think the email is from a customer, your defences may also drop.
A common means of gaining access to your system is by asking you to click on a link to access an urgent document. You will be asked to enter your credentials to access the document. All you are doing is giving the fraudster your user name and password – even the login page will be branded Microsoft. Unless you have MFA in place (and that can be bypassed) they will be able to access your email account and other systems on-line. They can now send similar fraudulent emails to your contacts.
If your device is not properly patched clicking on a link may download some software that can take advantage of vulnerabilities on your device. This gives fraudsters access to your device and the ability to access other systems in your organisation. This may result in customer data being stolen and systems encrypted and held to ransom by Ransomware.
There are other technical means that can be turned on at your domain to minimise the risk of fraudsters spoofing your contacts with emails pretending to be from you. This will also block incoming spoofed emails from your contacts. This technology is called DMARC and is used to employ a level of trust that the email actually comes from who it says it is. The detail of what DMARC does and how it is implemented is outwith this article, but is worth exploring in addition to Spam filtering.