Who’s Spoofing your Emails?
By: Alicia Hernandez, Think Technical Writer
It’s the holiday season, and I wouldn’t be a good business partner and friend if I didn’t warn everyone about the invasion of phishing emails that your company is probably fighting off this season. Those pesky Black Hats are getting smarter, and the phishing emails they create are making it more and more difficult for the average end user to tell actual company emails from fakes.
We have seen spoofed emails sophisticated enough to mirror recent IT announcements that have gone out to the company, combined with the ever-present request for your username and password. For example, one company, while preparing for their migration to Microsoft Office365 (see our Featured Partner section from our October #ThinkPress), had been sending out company announcements informing their employees of the maintenance and migration that would be happening on their mailboxes. Within a few weeks of sending out these emails, the following phishing email started making its way past the anti-spam filters and into the mailboxes of end users:
-------- Original message --------
From: HelpDesk <firstname.lastname@example.org>
Date: 12/05/2014 1:55 AM (GMT-07:00)
Subject: Final Notice-Email Account Verification
Dear Email User,
We sent you an email earlier that we are handling a minor upgrade on all
Email Accounts on this server and you will not be able to send and
receive e-mails until you verify your mailbox. Until date we have not
received the informations we requested. Kindly Submit the requested
details for upgrade inorder to avoid disconnection from our school email
Copyright © 2014, All Rights Reserved
Let’s face it, your users are doing their online holiday shopping on your company systems: 44% of their holiday shopping will be done online this year [1]. This greatly increases the risk to your employees and your company! They are dealing with the typical stress of the holiday season, and when the “Helpdesk” sends out an email saying they are going to lose their email if they do not reply with their username and password, they panic and reply without even thinking. Other spoofs to educate your users about include emails from their banking institution, emails with fake discounts or coupons, phony tracking numbers for holiday packages, and other bogus links that lead your users to a malicious website [2].
Do not let your employees fall victim to these clever Black Hats! Spam filtering and anti-virus software are must-haves, but they are usually not enough. You should constantly be educating your users and reminding them of the dangers of phishing emails. Regularly sending them informative articles such as this one from Norton by Symantec, which includes tips for identifying phishing emails and protecting themselves against these cybercrimes, is not only recommended but absolutely necessary.
[1] CBS News (2014). Holiday shopping scams give hackers access to your data. http://www.cbsnews.com/news/holiday-shopping-scams-put-americans-on-alert-for-hackers/
[2] Alliance Technologies (2014). Increased phishing scams during the holidays. https://www.alliancetechnologies.net/blog/bergeronl/increased-phishing-scams-during-holidays