How to Catch a Spoofing Attack in 2021
It is hard to overestimate the need for cyber-security in 2021. Not only do we live in a digitalized world, but we also live in a world of pandemics and, hence, remote working all over the world. As people switched to their home computers, the question of security for every business became even more important and, at the same time, more difficult to achieve. And, as the security of email is often overlooked, it can lead to dreadful consequences.
Email Spoofing in 2021
There are around 4 billion email users according to Statista, including 1.8 billion Gmail users alone. Roughly 306.4 billion emails are sent and received daily. With such high numbers, cyber-criminals do not miss the opportunity to spoof an email and then phish for valuable information and credentials. As a result, in 2020 the average cost of a data breach was $3.86 million.
It is a huge mistake, and a great advantage for the attackers, to think that only large corporations fall victim to email spoofing and phishing. Nearly 1 in 3 organizations involved in a cyber-breach were small and medium businesses, according to Verizon’s report.
Cyber-breaches can come in all shapes and sizes, so why exactly email? Because 94% of all malware gets to a computer via email.
To better understand spoofing, let’s look at how a cyber-criminal tried (unsuccessfully) to spoof GlockApps.
How Does Spoofing Work
What is email spoofing? It is the forging of someone else’s identity via email to convince the recipient to perform some action or give up valuable information. Usually, spoofers pretend to be a person or an organization that the recipient would trust.
To perform a spoofing attack, the malicious actor has to exploit the SMTP protocol, which isn’t hard because it was created without any security precautions. Usually, spoofers take advantage of the “From”, “Return-Path” and “Reply-To” fields.
We sent ourselves a fake email promising an appealing raise. In Gmail, for example, this spoofed email will most likely not appear in the Inbox and will be marked as probable spam.
To see the details that are not visible at first sight, open the three vertical dots menu (More) and choose “Show original”. There you will see all the details: the message ID, the “From” address, and the results of the SPF and DMARC checks.
As you can see, SPF shows “softfail” and DMARC authentication shows “fail”. If you scroll further down, you will also find that the message that claims to be sent from alex@glockapps.co was actually sent from emkei.cz. This is a clear indication that the email is not genuine.
The human factor plays a massive role here, since not many recipients check the legitimacy of an email, especially if it looks trustworthy, sounds urgent, or comes from a seemingly legitimate source (someone they know).
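The same manual check can be automated over a raw message. The Python sketch below is an added example, not code from GlockApps: it reads the SPF and DMARC verdicts from the Authentication-Results header stamped by your own receiving server and compares the “From” domain with the host in the topmost Received header and with “Reply-To”. The sample message is constructed from the case above; the receiving server name mx.example.net, the address 192.0.2.10 and the Reply-To address are assumptions. Legitimate mail is often relayed through a provider, so treat the host mismatch as supporting evidence next to the SPF and DMARC results.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the case above; not a real capture.
RAW = """\
Received: from emkei.cz (emkei.cz. [192.0.2.10])
        by mx.example.net; Mon, 01 Feb 2021 10:00:00 -0800
Authentication-Results: mx.example.net;
        spf=softfail smtp.mailfrom=alex@glockapps.co;
        dmarc=fail header.from=glockapps.co
From: Alex <alex@glockapps.co>
Reply-To: payroll@example.org
Subject: Your raise

(body omitted)
"""

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    # Trust only the header stamped by our own receiving server; a sender can
    # insert its own Authentication-Results header with any verdict it likes.
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def review(raw, trusted_authserv):
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    auth = auth_results(msg, trusted_authserv)
    findings = [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dmarc")
                if auth.get(m) != "pass"]
    # Topmost Received is the hop recorded by our own server.
    received = msg.get_all("Received", [])
    hop = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    host = hop.group(1).lower() if hop else ""
    if host and host != from_domain and not host.endswith("." + from_domain):
        findings.append(f"sent via {host}, not {from_domain}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From")
    return findings

if __name__ == "__main__":
    print(review(RAW, "mx.example.net"))
```

An empty list means none of the checks fired; a verdict reported as “missing” means your own server did not stamp a result for that method.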
How Email Security Protocols Save the Day
Today there are three commonly used email security protocols: SPF, DKIM, and DMARC.
Read the full story at the GlockApps blog.