Spoofing emails are emails that look like they come from someone legitimate or from a well-known corporation. The most common spoofing emails is known as a whaling email, which is set up to be sent from a high-value target. Attackers will spend a lot of time on social media, discovering who is the CFO, CEO, or CIO of the company. An example of a spoofing email: Your CEO is requesting money or items be purchased through irregular channels. Luckily, there are ways to identify these and how to delete them.
1. Always check with the sender by phone call if you are unsure if they sent it. Take no action until you can verbally confirm that this is a legitimate email.
2. Look closely at the from address:
a. It may be spelled closely, but not exactly correct.
b. It may be from a domain that doesn't make sense the way it is spelled:
i. gogle.com instead of google.com.
3. The tasks in the email seem inconsistent with the personality or position held by the person it is said to be from.
Attackers are great at creating scenarios where the employee feels a sense of urgency or fear of consequences. Tools such as Microsoft 365 has advanced threat protection in place to help spot if a spoofing email has been sent to your inbox. Start protecting yourself and your business from spoofing emails by installing Microsoft 365. Want to learn more about how Microsoft 365 can benefit your business? Click the link below to read about the features and benefits.