What the Barracuda Email Spoof Means for Your Business
Elaborate Scheme to Steal O365 User Credentials
The email spoof remains one of the favorite tools cyber-criminals use to phish information. A recently uncovered scheme raised the bar for sophistication. As if using known brands wasn't enough, this latest phishing attempt spoofed one of the leading email security firms. As a result, the implications are scary.
Internet security training firm KnowBe4 reported how the attackers took great effort to cover their tracks. A typical email spoof involves forging the sender address. Known and trusted brands are used to trick recipients into opening the message. This attack, however, went beyond using a known brand and forged the email message header information. To give the message more credibility, the attackers spoofed the header information so that the message appeared to have been safely validated by Barracuda Networks, an email security company known for tracking and reporting email shenanigans like email spoofing.
Once a recipient opened the message, they were asked to log in to their Office 365 account. The illegitimate landing page was a complete duplicate of the real Office 365 portal. Even a savvy user who took the time to review the message header information could have easily surrendered their O365 account credentials. This is the scary part: this tactic will likely be used over and over again, using other well-known security brands.
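Why a "validated" stamp in the headers proves nothing by itself, shown as an added example (not code from KnowBe4, Barracuda or the original article): the sender writes every header that is already on a message when your own mail gateway accepts it, so only stamps above your gateway's Received line were added on your side. The gateway name mx.corp.example, the x-barracuda- prefix and the sample message are constructed assumptions, and the check assumes your gateway prepends its own headers.

```python
import re
from email import message_from_string

# Assumption: lowercase name prefix of the vendor's scan-stamp headers.
STAMP_PREFIXES = ("x-barracuda-",)

# Constructed sample. Headers read newest hop first: the top Received line
# was written by our own gateway, everything below it arrived with the message.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby mx.corp.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:02 +0000
X-Barracuda-Spam-Status: No
X-Barracuda-Spam-Score: 0.00
Received: from localhost by mail.sender.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "Office 365" <no-reply@sender.example>
To: user@corp.example
Subject: Action required

Please sign in to keep your mailbox active.
"""


def unverified_stamps(raw, trusted_host, prefixes=STAMP_PREFIXES):
    """Return the scan-stamp headers that were already on the message when
    trusted_host accepted it, i.e. headers the sender could have written."""
    headers = message_from_string(raw).items()  # keeps order and duplicates
    boundary = None
    for i, (name, value) in enumerate(headers):
        if name.lower() != "received":
            continue
        by = re.search(r"\bby\s+([^\s;]+)", value, re.I)
        if by and by.group(1).lower() == trusted_host.lower():
            boundary = i  # topmost match is the genuine one; forgeries sit below
            break
    # No hop from our gateway at all: nothing in the message is vouched for.
    start = 0 if boundary is None else boundary + 1
    return [(n, v) for n, v in headers[start:] if n.lower().startswith(prefixes)]


if __name__ == "__main__":
    for name, value in unverified_stamps(SAMPLE, "mx.corp.example"):
        print(f"sender-supplied, do not trust: {name}: {value}")
```

A gateway that strips inbound copies of its own stamp headers before adding fresh ones removes the ambiguity for users who read headers by hand.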
What's a Small Business to Do?
If you've not discussed how to spot an email spoof with your teams, now is the time. Email phishing attacks are at an all-time high. Remind staff to be vigilant and question any email that doesn't seem quite right. The best rule of thumb is to think before you click.
A plethora of email security solutions are also available. From simple to sophisticated, there is an email security solution for every budget. Talk to your IT department or give us a call about email security in your office.