Email spoofing: what is it and how to stop it?
Email spoofing is the act of sending emails with a forged sender address. It tricks the recipient into thinking that someone they know or trust sent them the email. Usually, it’s a tool of a phishing attack, designed to take over your online accounts, send malware, or steal funds.
Spoofed email messages are easy to make and easy to detect. However, more malicious and targeted varieties can cause significant problems and pose a huge security threat.
The reasons for email spoofing are quite straightforward. Usually, the criminal has something malicious in mind, like stealing the private data of a company. Here are the most common reasons behind this malicious activity:
- Phishing. Almost universally, email spoofing is a gateway for phishing. Pretending to be someone the recipient knows is a tactic to get the person to click on malicious links or provide sensitive information.
- Identity theft. Pretending to be someone else can help a criminal gather more data on the victim (e.g. by asking for confidential information from financial or medical institutions).
- Avoiding spam filters. Frequent switching between email addresses can help spammers avoid being blacklisted.
- Anonymity. Sometimes, a fake email address is used to simply hide the sender’s true identity.
Cyberattacks Surge During the Holiday Season: Here’s Why
Researchers at the UK-based cybersecurity company Darktrace released a report in December 2021 showing that ransomware attacks increase globally during the holiday season.
Darktrace observed that there is a 30 percent increase in the average number of ransomware attacks over the holiday period compared to the monthly average. The researchers also established a 70 percent average increase in attempted ransomware attacks in the months of November and December, compared to January and February.
It is no wonder, then, that governments across the world issue warnings at the end of the year, and urge businesses to stay vigilant.
Reasons why cyberattacks increase during the holiday seasons
- IT professionals are out of the office – Holidays mean fewer in-office employees operating during that time. This results in drawbacks, such as distracted employees, fewer employees responding to threats, and longer response times, all of which contribute to higher chances of success for cyber-attacks.
- Phishing emails and fraudulent websites – By targeting well-known shopping days, such as “Black Friday”, and Christmas sales, threat actors use phishing emails and fraudulent websites to lure consumers which enables the attackers to obtain sensitive information, and install malware on systems.
- High network traffic – Company networks are strained due to high network requests and traffic. This leverages threat actors to easily penetrate systems and launch Distributed Denial of Service attacks (DDoS). According to the 2022 California Business Journal, DDoS attacks increased over the year by 109%, and each attack costs between $20,000 and $40,000 for every hour it continues.
How to Protect Against Cybersecurity Threats This Holiday Season
You can’t stop the flood: the pandemic made online shopping jump to incredible heights, and so did cybercrime. According to the FBI, in 2021, holiday scams cost victms over $500 million in the US alone. The 2022 holiday season will not be different.
With remote and hybrid work settings becoming the norm, holiday shopping may cross the boundaries between home and work computers. It means that attackers now have even more opportunities to get their hands on corporate data.
With all these reasons, one can see why holiday scams are a motivation for companies to offer cybersecurity training and awareness to their employees.