by Mark Farish, Senior Systems Engineer
What is spear phishing (or email spoofing)?
Deceptive emails are ones that visibly look like they are coming from an individual or a company but in reality are not. Spoofing is the malicious act of sending an email with a forged “From” address. The emails are made to appear as if they come from you personally, or from one of your trusted contacts. The senders are usually criminal hackers who hope to retrieve credit card and bank account numbers, and even passwords and financial information, from your personal computer. Beware!
How can I prevent phishing and spoofing?
Although it is impossible to stop all hacks, you can take some simple measures to protect yourself from being a victim.
Helient Systems recommends implementing email gateway policies to block unwanted phished or spoofed emails. These policies specifically target unwanted inbound spoofed email. For instance, if your domain receives an email that originated from outside your network and the From address is firstname.lastname@example.org, this should raise a red flag. It is atypical to receive an internal email that is generated from outside of your network. It is highly likely that this is a phished or spoofed email.
In Microsoft Exchange itself, certain transport rules and permissions can be applied to block messages that are sent without authentication but carry your domain in the From header.
Additionally, if your organization is using an external email hygiene provider, there are additional mechanisms to control these messages.
If you are a Mimecast customer, you can implement an Inbound Lockout Policy. Read more about this policy from Mimecast.
To create and implement an Inbound Lockout Policy, log into your Mimecast administrator portal. Next, go to the Administration Console:
In addition, you can use Sender Policy Framework (SPF), which relies on records in your DNS zone to validate that a message sent from your domain came from an authorized mail server. This allows a company to designate the hosts or sources that are allowed to send mail on behalf of its domain.
For more information on SPF and common mistakes when creating SPF records, see the OpenSPF web site. Also, always be careful when using includes in SPF policies. Learn more about SPF Includes at OpenSPF.
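To make the caution about includes concrete, here is an added example (not code from Helient, Mimecast or OpenSPF) that evaluates an SPF record against a connecting IP address, following an `include` and enforcing the RFC 7208 limit of 10 DNS lookups. It assumes an in-memory table in place of DNS, handles only the `ip4`, `ip6`, `include` and `all` mechanisms, and uses constructed domain names and addresses throughout.

```python
import ipaddress

# Constructed sample TXT records standing in for DNS; names and addresses are illustrative.
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailvendor.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per evaluation

class PermError(Exception):
    """The record cannot be evaluated; receivers treat this as a broken policy."""

def check_host(ip, domain, txt=TXT, budget=None):
    """Evaluate the ip4, ip6, include and all mechanisms of a domain's SPF record."""
    budget = budget if budget is not None else [MAX_LOOKUPS]
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            budget[0] -= 1  # every include costs one lookup, nested ones too
            if budget[0] < 0:
                raise PermError("more than 10 DNS lookups")
            inner = check_host(ip, value, txt, budget)
            if inner == "none":
                raise PermError("include target has no SPF record: " + value)
            # Only a pass in the included record matches; its fail/softfail is not inherited.
            matched = inner == "pass"
        else:
            raise PermError("mechanism not handled in this example: " + name)
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def spf_result(ip, domain, txt=TXT):
    """Return the SPF result string, mapping evaluation errors to 'permerror'."""
    try:
        return check_host(ip, domain, txt)
    except PermError:
        return "permerror"
```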
Mimecast customers wishing to implement SPF in addition to Lockout Policy, please read the Mimecast Knowledge article.
Helient also recommends that you always follow Microsoft best practices for configuring Exchange Online Protection.
Google Apps provides support for SPF. You can find detailed steps here at Google support.
Symantec Cloud/MessageLabs users can follow Symantec’s knowledge base articles for details on Anti-Spam detection settings.
It is important that you create any of these policies with care. Improper configuration can result in email delivery failures. For assistance with setting up Gateway or SPF policies, or for help with determining spoofed email, please contact us at (732) 204-7410 or email@example.com.