What is email spoofing?
Email spoofing is the practice of sending email messages with a forged sender address, making the email appear to be from someone it is not. Email spoofing is frequently used in phishing email, spear-phishing, and business email compromise scams to make recipients believe that the email is from a trusted source. Email spoofing may also be used by spammers to avoid spam email blacklists by sending messages under someone else’s sender address.
Protect your organization from email spoofing
Email spoofing is a highly damaging and increasingly frequent form of cyber fraud. In a spoofing email attack, a cybercriminal sends an email with a "From:" address that appears to be from a source the recipient trusts: a colleague, a friend, an executive or a well-known vendor or company. The email will typically ask the recipient to perform an action that eventually gives attackers access to networks, systems or financial accounts. Email spoofing is usually used in phishing and spear-phishing attacks, and in impersonation attacks where an email may seem to be from a CEO or CFO who is asking the recipient to wire money to an account that turns out to be fraudulent.
Defending against email spoofing requires a multilayered approach to security. Users, often the weakest link, must be empowered with knowledge and best practices that can help them know how to spot phishing and email spoofing attacks. But because it's impossible for users to identify every email spoofing attempt every time, organizations need state-of-the-art defenses that can automatically recognize and warn users about suspicious email.
Mimecast solutions to stop email spoofing
For organizations seeking a solution to prevent email spoofing, Mimecast offers Targeted Threat Protection as part of an all-in-one subscription service for email security, continuity and archiving.
As a cloud-based offering, Mimecast solutions can be implemented quickly and easily without capital expense. And by automating security and providing administrators with easy-to-use tools for setting and enforcing email security policies, Mimecast reduces the complexity and the cost of protecting against email spoofing and other attacks.
How Mimecast prevents email spoofing attacks
To thwart email spoofing attempts, Mimecast provides a suite of security technologies that include:
- URL Protect. Mimecast technology protects users from malicious URLs by scanning every destination website in real-time to identify sites which may be suspicious based on up-to-the-minute threat intelligence.
- Attachment Protect. Mimecast scans every attachment, searching for malicious code. Suspicious files can be sandboxed or rewritten to a format that enables users to safely access them.
- Impersonation Protect. Mimecast performs a deep scan on all inbound emails to search for header anomalies, domain similarity and specific keywords that may be signs of spoofing. Mimecast also provides DNS authentication using services like SPF, DKIM and DMARC to spot potentially fraudulent email.
When Mimecast identifies an email spoofing attempt, administrators have control over whether messages should be discarded, quarantined or sent on to users with a warning that the email may be suspicious.
Learn more about email spoofing solutions from Mimecast, and how Mimecast uses DMARC email security to spot suspicious email.
FAQs: Email spoofing
How do attackers spoof an email address?
Spoofing an email address is a relatively simple form of cybercrime. Attackers may change the display name and/or the "From" header in the email to pose as a trusted source, or they may create a look-alike domain that is virtually indistinguishable from a legitimate domain.
What does a spoofed email look like?
A spoofed email will appear to be from a legitimate or trusted source, but if you look closely, you may spot anomalies that identify the message as a spoofing attempt. In a spoofed email, the actual email address may be different from the display name. Also, the email address in the header will not match the sender’s email address, and the “Reply to” field in the header will not match the name of the sender.
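The anomalies described above (a display name that differs from the real address, a "Reply to" field that does not match the sender, a look-alike domain) can be checked mechanically from the message headers. The following is an added example, not Mimecast code; the trusted-domain list, function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumption: domains this organization treats as legitimate (constructed).
TRUSTED_DOMAINS = {"example.com", "example.org"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def spoofing_indicators(raw_message):
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    findings = []
    # 1. Display name shows an address that is not the real sender address.
    m = re.search(r"[\w.+-]+@[\w.-]+", name)
    if m and m.group(0).lower() != addr.lower():
        findings.append("display-name-address-mismatch")
    # 2. Replies would go to a different domain than the one in From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append("reply-to-domain-mismatch")
    # 3. Sender domain is not trusted but is within two edits of one that is.
    if from_dom and from_dom not in TRUSTED_DOMAINS:
        if any(_edit_distance(from_dom, t) <= 2 for t in TRUSTED_DOMAINS):
            findings.append("lookalike-domain")
    return findings

# Constructed sample messages (reserved example/test domains only).
SPOOFED = (
    'From: "ceo@example.com" <billing@mail-relay.test>\n'
    "Reply-To: payments@other.test\n"
    "Subject: Urgent wire transfer\n\nPlease pay today.\n"
)
LOOKALIKE = "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Invoice\n\nHi\n"
LEGIT = "From: Jane Doe <jane.doe@example.com>\nReply-To: jane.doe@example.com\n\nHi\n"
```

These checks are heuristics that flag a message for review; they complement, and do not replace, SPF, DKIM and DMARC evaluation.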
How to stop email spoofing?
Mitigating the risk posed by email spoofing requires a multi-layered approach to security. Security awareness training can help users to more easily spot and avoid email spoofing attempts. Email filters that use DNS authentication services like SPF, DKIM and DMARC can help to block potentially fraudulent email. And should spoofed email get past your authentication services, technology that blocks users from clicking on malicious links or opening malicious attachments can help to prevent an attack via email spoofing.
How to stop spoofing emails from my email address?
If your email address is being used by spammers or cyber criminals to initiate attacks, it’s possible that your email account has been compromised and that attackers are sending messages using your credentials. Changing your login information and using a strong password can help to stop this. It’s also possible that your account is safe and that attackers are simply using your email address as the “From:” address in the email they send. In this case, there’s little you can do except to report the incident to your Internet service provider.
How to stop email spoofing in Office 365?
Microsoft Office 365 Advanced Threat Protection (ATP) offers certain anti-spoofing features that help protect from external domain spoofing, but providing your organization with superior protection requires a multilayered approach to email security. Security awareness training can help your Office 365 users to more easily spot and avoid email spoofing attempts, and third-party providers of email filtering software can help to block more email spoofing attacks. Finally, when spoofed emails manage to elude other defenses, technology to block users from clicking on malicious links or opening weaponized attachments can prevent spoofed emails from doing damage.