Mimecast's anti-spoofing technology identifies website spoofing, email spoofing, DNS spoofing and other forms of fraud.
Email spoofing is one of the most frequent types of cybercrimes. Spoofing an email address means that the sender is posing as someone else in an attempt to gain the trust of the recipient. Attackers frequently spoof an email address as the first step in a spear-phishing campaign or business email compromise attack. Spammers spoof email addresses to increase the chances that recipients will open an email and respond to it.
There are a number of ways that attacker can spoof an email address. Changing the display name – the name of the sender that is visible to recipients – may be the most common. Attackers use this method to pose as a trusted individual or a trusted brand while encouraging the recipient to take action that benefits the attacker. Attackers can also spoof an email address by using a legitimate email address in the "From" header, exploiting security holes in standard email protocols. Using look-alike domains is another way to spoof an address. With this method, attackers may substitute numbers or characters from other scripts like Cyrillic for letters in the email address, or create a new domain name that has only very subtle differences from an actual legitimate domain.
No matter how attackers spoof an email address, the results can be devastating. Email recipients may be duped into revealing sensitive information like credit card data or Social Security numbers. They may be tricked into revealing login credentials that give attackers access to corporate networks. Or they may even be fooled into wiring a money transfer to a fraudulent account.
Stopping email spoofing – as well as website spoofing, DNS spoofing and other forms of fraud – requires state-of-the-art anti-spoofing technology that can keep pace with the rapidly evolving and sophisticated attack methods. That's where Mimecast can help.
Mimecast is a 100% SaaS-based service that offers all-in-one solutions for email and web security. As a cloud-based solution, Mimecast can be deployed quickly and cost-efficiently to begin protecting your organization and users right away. And with the ability to manage all solutions from a single pane of glass, Mimecast reduces the burden on IT administrators while minimizing the cost and complexity of protecting your organization from a wide range of threats.
Mimecast offers several solutions that address the multiple ways attackers can spoof an email address. These technologies are part of a comprehensive suite of security solutions that includes:
Mimecast DMARC Analyzer protects against email spoofing by simplifying the process of deploying DMARC. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email validation system that builds on the widely used Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols. To identify messages where a sender is spoofing the email address by changing the "From" header, DMARC requires that messages are authenticated with DKIM and/or SPF check, and that the information in the "From" header matches the underlying information about the sender.
Additionally, DMARC Analyzer maximizes the effectiveness of DMARC by providing:
DMARC Analyzer also provides a DMARC record checker, SPF validator and DKIM record checker that ensure the validity of records and help to uncover errors that may impact mail delivery.
Mimecast Impersonation Protect protects against attackers trying to spoof an email address by using a look-alike domain. Impersonation Protect scans all inbound email in real time, searching for any sign that the sender may be spoofing the email address by using domain similarity. Impersonation Protect searches for anomalies in the header, the use of international character sets, recently registered domains and suspicious content in the body of the email. Administrators have full control over how suspicious emails are handled, with options to discard the message, quarantine it or warn the recipient that the email is suspicious.
When attackers spoof an email address, they are posing as someone else in order to dupe the recipient into opening the email, responding to it or taking action that benefits the attackers. Email spoofing is often used at the start of devastating attacks like spear-phishing, business email compromise, CEO fraud and ransomware.
Spoofing an email address is a relatively simple form of cybercrime. Attackers may change the display name and/or the "From" header in the email to pose as a trusted source, or they may create a look-alike domain that is virtually indistinguishable from a legitimate domain.
Preventing attackers from spoofing an email address requires sophisticated technology for scanning inbound email and for taking advantage of industry protocols for authenticating email messages.