Last month we wrote about the consequences of having a small business owner email account stolen. This article is about an expolit that happens far more frequently. Phishing attacks happen every day. Good anti-spam/anti-spyware systems can provide a lot of protection. We use and recommend Mimecast for our clients. Still, it's possible for sophisticated fraudulent emails to get through. Here's some good advise for everybody regarding how to check emails, even ones that appear to be from trusted senders.
By now, you’ve heard about phishing – fraudulent emails that masquerade as communications from a legitimate source that trick unsuspecting readers into giving up personal information or compromise their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that’s where you come in. Here are some tips to help you identify a phishing or spoofing email.
Don’t trust the name
A favourite phishing tactic is to spoof the display name of an email. It’s easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It’s the simplest and most easily detected form of e-mail. Spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.
You can’t trust the header
It’s not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in internet terms): SMTP, or Simple Mail Transport Protocol. When you send an email, it goes to a SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient’s mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn’t legitimate.
There are several, technical ways to figure out if this is the case, but the simplest method is to see where the “reply to” section of the full header will lead you to. If it indicates that your reply would be redirected to an address that’s different from the sender’s address, then you have good cause to be suspicious.