This Email is Coming From Inside the Company

by | Nov 30, 2020 | Cybersecurity

By Brenton Spencer, Support and Delivery Specialist

Have you ever opened your email to find a message from a coworker that seems suspect? Have you received a OneDrive link or password reset from Microsoft that you did not request? Or have you ever received an email that was sent from your own email address, but you did not send it? Chances are that someone is using your companies or your email address to gather information in a phishing attempt.

Above are examples of email spoofing. More than 90% of cyber-attacks start with an email, there are roughly 3.1 billion spoofing & phishing emails sent daily, and email spoofing & phishing have had a worldwide impact costing an estimated $26 billion since 2016. With these cyber-attacks becoming so commonplace I would like to highlight a few of the top ways you can fall victim to a phishing scam.

Intra-Org / Self-to-self spoofing

Intra-Org or self-to-self spoofing is where your organization’s domain user addresses are spoofed for the purpose of phishing or scamming someone. This may come in the form of an email from a coworker with an attached PDF, an email from a boss asking you to purchase gift cards, or an email from yourself with a Sharepoint link. If an email is sent from and shows a display name of someone that is familiar, users are more likely to trust the message.  All these examples have the same goal: to deceive users and trick them into performing the phisher’s desired action.

External Spoofing

Cross-Domain or external spoofing is where a message is received from outside your organization that prompts a response or call to action. These messages are sent to solicit a response such as clicking on a link, replying to an email, or opening an attachment to either gather information or install programs. The display name & address that are sending the message appear to be from a legitimate service or sender (such as Microsoft, Adobe, Apple, etc), and appear as legitimate email requests for account management.

For example:

How do they do it?

Email spoofing does not require any sort of advanced system or detailed tech knowledge to complete. Spoofing emails are created by the spoofer adjusting email message headers. By adjusting these email message headers, the phisher is able to adjust the sending address, the reply-to address, email return path, or anything else they can to trick you into believing the message is legitimate. When analyzing the message details & headers, the received message details will show that the message was not sent from a trusted sender, but from a suspicious source. 

How is it prevented?

Preventing spoofed emails from being opened or acted upon requires a mix of user training and email security standards.  SPF, DKIM, and DMARC email security standards can be utilized to prevent the messages from being received.

  • SPF – outlines valid IP addresses that are approved to send emails for a specific domain.
  • DKIM – Prevents spoofing emails from being sent as outgoing messages on your domain. DKIM updates the DNS entry of an email domain to add a digital signature to the message header and to ensure that the email remains unaltered from when it was sent.
  • DMARC –  An email authentication, reporting and policy protocol that uses both SPF and DKIM to provide information about the email domain.
  • Cybersecurity Awareness training – One of the most important factors in preventing spoofed emails from being acted upon is user training. Having users that are suspicious of emails and can recognize flags of spoofed emails/phishing emails.  Some of the most common flags are:
    • use of poor language, grammar, and punctuation.
    • use of language that conveys a sense of urgency
      (call to action).
    • mismatching or inaccurate information in the
      “from” field. (For example, does the sender’s name match their email address?)
    • Domain information that is incorrect (is there an extra letter in the sending domain? Was a letter replaced with a number?)

As phishers become more creative with their attempts to gather information, it is important to diminish the possible attempts in every way possible. Mitigating these attempts through security standards & user training reduces the possibility of confidential data loss, installation of malicious software, and financial loss.

Atom Creek is the expert in making sure you and your company stays safe. If you could benefit from employee training or an update to your security posture please contact us today.

See What Our Partners Are Saying

Atom Creek is an exceptional managed services provider. Customer experience is a priority. My experience with Atom Creek has been that the engagement and focus of the top levels of leadership and the owner of the company on projects is second to none. Broad knowledge and being at the forefront of new technologies and innovations is a key characteristic of the firm and one of many reasons so many clients stay with them for so long. Highly recommend.

Brian Bybee

We have worked with Atom Creek for 7 years, they are always on the forefront of security and compliance for our company. When you need computer help from the techs they know us like they are your own internal department and not the random call center help person. Atom Creek is our IT department and is Amazing.

Kirsten Berger

Atom Creek is great they took care of everything we needed in a timely manner with zero issues. Paid great attention to exactly what was needed and delivered everything perfect. Highly recommend!

Tyler Holt

Excellent managed service provider with a highly skilled and customer-focused team!

Jon Taylor

Great folks to work with. Honest work and honest price.

Stephen G

Great business, knowledge and customer service.

John Schliep

Take the Next Step with Atom Creek

Contact us and learn how to create a harmonized IT environment that makes achieving your business goals faster and easier.