Imagine: a client’s employee logs into their email account and discovers a lot of undeliverable bounce-back emails. However, they weren’t responsible for sending them, and customers are starting to complain about the amount of spam coming from their account. Obviously something’s wrong, but what? Is it a hacker spoofing their email? Has their entire email account been compromised?
To help protect their clients and their data, MSPs must make sure their employees know the key differences between email spoofing and business email compromise (BEC) attacks before they take steps to prevent these scams. Here’s everything you need to know.
What is email spoofing?
Email spoofing is when a hacker forges the header of an email so it appears to be from a legitimate source rather than the hacker’s own email address. Hackers do this to trick spam filters into allowing their fraudulent email into their targets’ inboxes, and to lead recipients to believe these emails can be trusted.
Email spoofing is almost alarmingly easy to do—all the hacker needs is a working Simple Mail Transfer Protocol (SMTP) and an email application like Outlook or Gmail. Once the hacker has written the fraudulent message, they can forge the fields found in the message header. Typically, the hacker will edit the From, Reply-To, and Return-Path addresses to make the email appear as if it originated from the legitimate address. SMTP is the key to a spoofing attack’s success because these protocols don’t have a mechanism for email sender authentication.
Email spoofing attacks are often successful because targets are more likely to click on malicious links that appear to be from a legitimate source. Unfortunately, spoofed emails can be hard to spot if the recipient isn’t sure what to look for. If you’re questioning the legitimacy of an email, you can inspect its source code, find the originating IP address, and trace it back to the real sender. You can also look for a failed Sender Policy Framework (SPF) check, which is a protocol that authenticates email senders.
To help prevent email spoofing in the future, businesses should make sure they’re implementing these email security best practices:
- Avoid including your email address in online blogs or posts when possible—bots can harvest your address this way
- Learn how to open and read email headers to spot signs of spoofing
- Use reverse IP lookups to verify senders
- Check email accounts and see how they respond to SPF and Domain-based Message Authentication, Reporting and Conformance (DMARC)
What is a business email compromise attack?
A business email compromise (BEC) attack is an exploit in which a hacker gains access to a corporate email account in order to imitate the target’s identity and defraud their company. Typically, the hacker will simply create an email account almost identical to that of the target’s and hope the unsuspecting employees won’t notice (e.g., [email protected] vs. [email protected]). The five major archetypes of BEC scams are standard account compromise, attorney impersonation, CEO impersonation, false invoice schemes, and data theft.
This technique is often very successful. According to the FBI’s 2019 Internet Crime Report, BEC attacks cost businesses over $1.7 billion in losses in 2019, and COVID-19 has only led to a spike in these kinds of exploits. Abnormal Security research found a 200% increase in invoice and payment fraud BEC attacks from April to May 2020.
BEC attacks are similar to email spoofing because they both involve a hacker masquerading as a legitimate sender or source. In fact, email spoofing is one of the main ways cybercriminals can carry out a BEC attack, along with sending spear-phishing emails and deploying malware. The key difference between BEC attacks and email spoofing is that the former always involves a request for the target to transfer money. A spoofed email might pretend to be a well-known shopping website and ask the recipient to provide a password or credit card number. However, in a BEC attack, the hacker will pose as a specific person (such as your boss) for the purpose of requesting money.
To help keep your business email from being compromised, you can:
- Color code employee email accounts to reflect internal and external communications
- Flag emails with extensions suspiciously similar to company email accounts
- Implement two-factor authentication to increase security when making payments online
- Instruct your employees to carefully inspect email requests for fund transfers for abnormalities
Selecting an email security tool to protect your business
The best thing you can do to help prevent email spoofing and BEC attacks is use enterprise-grade email security tools. N-able™ Mail Assure is a cloud-based email security solution designed to help you thwart email-borne threats with advanced technology. Collective threat intelligence based on data from over 23 million inboxes protects your business from a wide variety of threats like malware, spear phishing, social engineering attacks, and many more—and machine learning means Mail Assure continues to improve over time. Real-time pattern recognition captures known, unknown, and emerging threats detected in your business and uses that information to inform future security protocols.
To combat email spoofing and BEC attack specifically, Mail Assure supports SPF, DKIM, and DMARC protocols to catch spoofed emails before they make it to your inbox. Also, this solution’s abuse management features highlight the users or accounts that are sending out spam so you can prevent IP blocklisting. In the unlikely event that you do still fall victim to an email-based attack or your email provider’s server is down, Mail Assure also helps provide 24/7 built-in email continuity with an accessible web-based console.
With N-able Mail Assure, you have everything you need to protect your business accounts and preserve your company reputation. To see firsthand how Mail Assure can help protect your business from email spoofing and BEC attacks, a 30-day free trial is available.