The danger of domain spoofing
Domain spoofing is a type cyberattack where hackers use a fake or "spoofed" web domain or email address to impersonate an organization or one of its employees. Domain spoofing typically is conducted by sending emails or building websites with fake domain names that seem to be legitimate, but where the lettering of the domain address is changed in slight but in hard to detect ways. Spoofed websites or emails will mimic the organization's design and branding to create an appearance of legitimacy. Users responding to email or web domain spoofing may be duped into revealing sensitive information, giving up their login credentials, wiring money to a fraudulent account or otherwise engaging in actions that harm the organization.
Mimecast provides easy-to-use, cloud-based solutions that effectively block domain spoofing and other web security threats in email and the web. With Mimecast Web Security and Mimecast Targeted Threat Protection, organizations get an integrated solution for protecting email and the web from domain spoofing and other email and web security threats.
Stop domain spoofing with Mimecast
Mimecast provides solutions that help companies mitigate risk and reduce the cost and complexity of building a cyber-resilient organization.
To protect against domain spoofing via the web, Mimecast Web Security solutions block user access to web resources that may be malicious or that are considered inappropriate for business use. When a user requests a web resource by clicking a link or entering a URL in a browser, Mimecast serves as a web security gateway and inspects the address to make sure it is legitimate, using advanced threat intelligence and the company's own security policies. For web resources that are considered safe, Mimecast permits immediate access without delay. When web sources are deemed to be suspicious or unacceptable, Mimecast blocks access and informs the user of the reasons why via a block page.
To protect against domain spoofing via email, Mimecast Targeted Threat Protection uses DNS authentication services, including SPF/DKIM/DMARC, to evaluate domains and to block email deemed to be suspicious. Mimecast also protects against domain spoofing with:
- URL Protect, a service that uses multiple, sophisticated detection engines and threat intelligence to block users from clicking on malicious links within email messages.
- Impersonation Protect, a service that performs real-time scanning of all inbound emails to identify potential anomalies in headers, domain similarity, sender spoofing and suspect email body content.
Benefits of mitigating domain spoofing with Mimecast
Mimecast email, web and DNS security solutions provide many benefits to organizations seeking to combat domain spoofing and other delicious attacks.
- Comprehensive security. Mimecast provides a solution that integrates email and web protections against domain spoofing and other attacks at the DNS layer. Delivered as a single, integrated, multi-tenant cloud solution, Mimecast enables organizations to adopt a holistic approach without incurring the cost, complexity or risk of deploying multiple best-of-breed solutions.
- Advanced threat intelligence. Mimecast combats domain spoofing and other threats with intelligence developed by a globally distributed team of analysts and security experts who monitor Mimecast services 24x7x365.
- Simplified administration. Mimecast's integrated solutions can be managed from a single, administrative console, applying security policies, policy configuration, user accounts, roles permissions, directory synchronization and audit reporting across both email and the web to accelerate implementation and ROI.
- Easy scalability. With Mimecast, organizations can quickly and easily scale security solutions as the company grows to combat domain spoofing and other attacks, while leaving the task of managing and upgrading infrastructure to Mimecast.
- Robust reporting. Mimecast includes built-in reports that enable administrators to gain complete visibility into the status of email and web security.
FAQs: What is domain spoofing?
What is domain spoofing?
Domain spoofing is a type of cyberattack where hackers attempt to convince users that an email or web address belongs to a legitimate and generally trusted organization, when in reality it directs the user to a fake site that is under the control of a cybercriminal. Users who fall prey to domain spoofing may be convinced to reveal sensitive information to someone they believe is legitimate and trustworthy, or to wire money to what they believe to be a legitimate account.
How does domain spoofing work?
Domain spoofing typically works by using a domain in an email or building a website with a domain that appears to be legitimate, but that actually has a very small and hard to detect differences for the original which, if a user replies to an email or clicks on a link, directs the user to a illegitimate or spoofed website or to respond to the wrong person. Spoofed websites will typically be designed to look identical to legitimate sites in order to fool users and get them to reveal sensitive information, give up their login credentials, or take actions that harm the organization.
How to prevent domain spoofing?
Mimecast Web Security prevents domain spoofing by inspecting every URL in real time to determine which web resources are safe and which are not. Mimecast Targeted Threat Protection inspects email content and URLs to identify any domains that may be illegitimate, blocking user access to the resources.