Disclaimer: The below is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.
As technology improves and becomes more widespread, so do targeted cybercrimes, such as email spoofing.
Email spoofing is a common cyber attack in which the sender’s address mimics a known entity, such as Wells Fargo, PayPal, or Microsoft. The fraudster makes it look as convincing as possible to make the recipient trust the email’s legitimacy. From there, the victim is tricked into providing personally identifiable or sensitive information, such as logins and passwords to banking websites – which often leads straight to identity theft.
This problem is so prevalent that in August, email security firm Valimail offered its protection services for free to political campaigns and state election board members through the 2018 election. The company is also offering a free email fraud protection service to both the Republican National Committee and the Democratic National Committee through the 2020 Presidential election, following the “hacking” that occurred prior to the 2016 election.
The tactics used in email spoofing are similar to neighbor spoofing “robocalls,” which are also on the rise. As with email spoofers, neighbor spoofers rely on familiarity: they’ll mask the actual number they’re calling from and make it show up on your caller ID as a different one – typically using the first six digits of the recipient’s own phone number. The spoofer hopes you’ll answer because the number seems familiar and local, but when you pick up, a recorded message instructs you to call back and provide personal and financial information.
How To Protect Yourself From Email Spoofing
Although phishing attacks are becoming harder to spot, there are a few simple ways you can better protect yourself from cyber criminals who come at you through email and by phone.
Reverse Phone And Email Lookup
If you get an email or phone call from someone you’re unsure about, you can run a reverse phone search or reverse email search to verify the person is legitimate. If you do not encounter ample results, it’s likely a fabricated phone number or email address designed to dupe you.
Double-Check The Sender’s Information And Attachments
Before you open any attachment, look closely at who the sender is and determine if you truly know them. If you recognize the name, ask yourself if your friend or colleague would typically send a file of this variety to you. If the email or file seems strange or out of character for that person to send, do not open it. Contact the person (by a different means of communication, if possible) to ask if they knowingly sent the email.
Use Strong Passwords
There’s a chance that a fraudster already possesses one of your regularly used passwords. To ensure the best security for your email and other websites, change your passwords often, and use a combination of upper and lowercase letters, numbers and symbols if you can. Whenever possible, use two-factor authentication, which requires you to enter a code sent to your phone or email to prove you’re really you.
Don’t Freely Give Your Information
Most importantly, you should try to keep your personal information as personal as possible. Be judicious when giving out identifiable information like your home address or Social Security number, and ask the requester if you’re absolutely required to provide this information. If it’s not legally required, don’t fill it out.