The other day I received an email from my boss. That is completely normal. The email was asking me to send her payroll information for all of our employees. That was NOT normal.
First off, I work in marketing, so why would I have payroll information. Secondly, it's just not the type of thing she would ever ask me for, so I was suspicious. I looked closer at the "from" information, and while it was her name that the email came from, the email address was not her company email.
I decided to send her a text and ask her if she sent me something about payroll. Lo and behold, my suspicions were confirmed - she hadn't sent me the email.
Emails like the one I describe above is an example of spoofing. Spoofing is a general term used to describe a cybercriminal pretending to be someone you would know and trust in order to scam you out of something. It could be information, it could be money, but rest assured, if you fall for spoofing, it will not be good for you.
Spoofing is a type of social engineering. Cyber bad guys use manipulation methods in order to get the information they need to cause harm. Essentially, spoofing relies on two things - manipulating you by impersonating someone you trust and then preying on that trust by asking you to take some form of action for them.
The spoofer in this type of attack forges the header of the email to appear that is coming from a trusted person. They are relying on the fact that you will see the name and won't look further into the email.
The email will likely ask for something - think a money transfer or access to company data. Because the email appears to come from a trusted person, the hacker hopes you just follow the instructions of the email without further investigation. This can lead to disastrous consequences including data breaches, theft of money or property and malicious malware.
Spoofing is becoming more prevalent every day. Brand impersonation, meaning someone pretending to represent a specific company, including your own, is up more than 360% in the last two years. So what can you do to counteract spoofing and falling victim to a cyberattack? There are several red flags to look for.
You can equip your employees to protect themselves and your business against spoofing with simple security and compliance awareness training. This type of training empowers your employees with information on the latest cybersecurity tricks that hackers are using and how to spot them before they become a problem. Training reduces the chance of a company falling victim to a cybersecurity incident by up to 70%
With Fraser's security awareness training, employees receive consistent and critical training on all aspects of cybersecurity threats. They learn how to spot the red flags before they become an incident for your business and protect your most valuable assets. You can easily deploy new training modules automatically and create spoofing simulations that test their knowledge to know where you may need more focus in your efforts. New materials are added all the time, so your employees stay on top of the latest threats.
To learn more about our security awareness training, click the orange button below and get more information.