Is your business email spoof proof?
National Cyber Security Centre’s (NCSC) new quarterly report highlights the risks of email spoofing to New Zealand businesses.
The NCSC’s latest report shows most incidents reported by organisations in Aotearoa are once again related to phishing.
Phishing remains a big issue as scammers continue to harness new technology to carry out increasingly sophisticated online attacks. One of the methods highlighted in the quarterly report is the use of email spoofing to carry out phishing campaigns.
All about spoofing
Email spoofing is the practice of making an email look like it came from someone else. If you use a business email, an online attacker could impersonate your domain and send out emails to your customers that look like they came from you.
They could either do this by creating an email address that looks similar to yours. For example, your customer could receive an email from sender@example.org when the valid email is sender@example.com. At other times, the sender matches your valid email address. This can happen if you or your email provider does not have adequate protections in place.
Spoofing is different from business email compromise. A business email compromise happens when an online attacker succeeds in getting access to your organisation’s email. On the other hand, when your email address is spoofed, the attacker has made it appear like the email came from you but does not actually have access to your account.
Be on the lookout
Email spoofing can negatively affect your business. Your customers could believe that the phishing email they received came from you and be tricked into giving away their information or money. Incidents like these could also damage your company’s reputation.
The good news is that you can protect your business email from being spoofed. We have put together a useful guide that explains the risks associated with email spoofing the protections you can put in place or ask your email provider to implement.