It is essential in todays world driven by email and digital communication, to have reliable and secure email policies in place. It is critical to have your SPF, DKIM and DMARC properly formatted and setup to prevent spoofing of your email. SPF as defined by Wikipedia is an email authentication method designed to detect forging of sender addresses during the delivery of the email, which is used when the email gets bounced. In an email spoofing attack, the MAIL FROM: line presented to the recipient as the return-path is forged and has no relationship to the actual sender. For example, if you got a message from your bank, for example if it looks like it came from firstname.lastname@example.org but the underlying sender was email@example.com. The email was designed to look like it came from a bank, say Wells Fargo. Yet the underlying sender, firstname.lastname@example.org was the actual sender. You can see this if you click on the visual Mail From line, to see who is underneath this attack, yet, most people don’t know this. When you hit REPLY: to this email it actually goes to email@example.com and whatever you say is now in the hands of the attacker. Now they know that you are listening to them and they can perform their social engineering attack on you.
Be extremely careful from emails that come from large corporations, banks, tax authorities, government agencies, since they do NOT send you emails nor communicate with you on random issues. They will not and do not threaten you. Each company has a reporting system for spoofs and look on the website for the reporting of suspicious emails. For Wells Fargo, they have a section on their bank for this exact purpose. They say that the warning signs are: Suspicious Sender – where the email address is not from official Wells Fargo Business.
Also, Unusual language – Spelling and grammar mistakes are common in Phishing attacks. So don’t respond to these scams.
Urgent requests are another way that you can be scammed or spoofed, and NEVER click on a link, since that may take you to a website that will encrypt your data and then demand ransom.
The IRS is similar in reporting phishing or suspicious emails. There is extensive information in the IRS website regarding phishing scams. They state that if you get a suspicious email or phone call, to not respond but to call them directly. Forward the suspicious email to firstname.lastname@example.org and then delete the original email. If you receive a suspicious phone call, then get the telephone number of the caller, and a brief description of the communication. Get as much information as possible and then report it to the Federal Trade Commission. Let their experts help you. Their website is reportfraud.ftc.gov. Do not try and handle this yourself and immediately stop with all communication with the suspicious person and take action to protect yourself in the future.
1 – Never respond to a suspicious email.
2 – Hang up from a suspicious phone call and document the caller ID and the person who called you.
3 – If you happen to give out personally identifiable information, then contact the Federal Trade Commission about putting a Credit Freeze on your accounts.
The bottom line in all of this is practice good self defense when you are looking at emails. Do not get emotional about a scam or spoof and NEVER give out personal information to anyone claiming to be from Social Security, the Internal Revenue Service or a Bank. They will contact you in writing if they need to get additional information. If you have a tax accountant, always refer to them if you have suspicions about the origin of the email or phone call.
The US Government has a website specifically designed for this. It is www.usa.gov/stop-scams-frauds
They have links to the your state consumer protection office that can help you if feel that you may have lost money in a scam.
If you own a custom domain joesmith.com, contact the hosting support for your email and request that they get the appropriate SPF, DKIM and DMARC records in place to minimize the usage of your domain in a social engineering attack.
If you need further assistance in this matter, then contact us or call us at 510-626-8199 for further assistance in this matter.