How to Prevent Email Spoofing & Phishing

Over the last few years cybersecurity has been a growing worry for companies worldwide. The problem they face however, is remaining aware of new and advanced tactics. After all, it has only been a few years since the 2015 McAffee survey which determined that 97% out 19,000 global respondents were unable to recognise a phishing email.

It only takes one person to not recognise a phishing email and a company’s day to day operations can be brought to a halt. The impact of a phishing email to a company’s resources and reputation can be disastrous.

This article contains information on how to prevent spoofing emails. It will outline not only what cybersecurity measures can preserve your company’s data, but how a full-service digital agency like Netmatters can provide a top quality bespoke IT and cybersecurity solution.

What is Spoofing?

Our IT team are receiving an escalating amount of requests to deal with ‘spoofing’ emails. The term refers to how cyber criminals mask their true identities behind a seemingly legitimate email address.

The most common form of spoofing is through a false IP address. This method exploits ‘trust relationships’ between devices on the same network, which is when an IP address is used to verify the identity of a computer rather than an individual login. In spite of new and advanced ways of detecting phishing emails, data breaches are more often than not a result of human error. Therefore it is paramount that users exercise constant vigilance. If you believe you’ve received a suspicious email, ask yourself the following questions:

• Was I expecting this email? Am I being asked to pass it on to another member of staff?
• Do I recognise this sender? If yes, does this email match the tone and style of previous emails I have received?
• Am I being asked for any sensitive information such as a password or bank details?

Emails are part and parcel of any employee’s daily routine. It is estimated that the average office worker receives about 90 emails a day. This makes people much more susceptible to taking emails at face value, rather than remaining alert to potential cybersecurity threats.

Two of the best defences against spoofing and other malicious emails are Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM).

DMARC and DKIM work in tandem to verify where scam emails are being sent from. DKIM employs public key cryptography to prove whether an IP address is authentic. DMARC is a system put in place that informs users whether an email has passed or fail DKIM verification. Over the last few years, as concerns about cybersecurity have grown, adoption of DMARC and DKIM has become more and more widespread.

“70% of global consumer mailboxes are currently DMARC-enabled”

Source: “DMARC – Defeating Email Abuse” CERT-EU Security Whitepaper 17-001

How Do I Set Up DMARC and DKIM?

Short answer – with the help of Netmatters, you don’t have to. DKIM and DMARC are free, and it is enabled by default for inbound emails but not for outbound. Instead, emails are verified against their IP address by default. Fortunately Netmatters can take the problem out of your hands, setting everything up for you for your own peace of mind. This is just part of our extensive range of IT & Cybersecurity services.

If you are like many businesses and are concerned about spoofing, phishing or any other threats to your company’s data, you can receive expert guidance from our team of certified cybersecurity specialists.

We are ISO-27001 certified and are also fully GDPR compliant, offering our clients a comprehensive site audit, a bespoke long-term plan and regular proactive reviews.

Want your company’s IT & cybersecurity in the right hands so you can focus on your business’s goals? Contact us via the form below or ring us on 01603 515007 today.