Spoofing = hiding the true identity of a sender to make you think that the message comes from somebody you know.
What makes spoofing so dangerous?
Fraudsters know that you are more likely to trust or follow instructions from someone you know. For example, you are more likely to open an attachment from your CEO, friend, colleague or family member because you trust them. Fraudsters research their target company’s internal relationships, activities and purchasing processes, making the emails even more convincing.
It’s all about the money...
The main reason behind spoofing is fraud, such as getting a fake invoice paid. However, fraudsters may also want you to:
- Give up credentials
- Change suppliers' banking details
- Divulge sensitive or personal information
- Click on infected links or open infected attachments
- Get them in touch with people who can authorise payments
How to spot spoofed phishing emails
Please be extra vigilant and make your colleagues aware of how to spot these emails:
1. Don’t trust anything you haven’t expected
Always be suspicious of emails you haven’t expected, even from people you know, especially if they ask you to open an attachment, click on a link or divulge any information.
2. Verify the sender address
Click reply and look at the address your reply would be sent to. With a spoofed email, you will see that the reply to an alleged internal email is really going somewhere else.
3. Requests for money should raise alarm bells
Always treat requests for money or sensitive information with a high degree of scepticism.
4. Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks suspicious, don’t click on it.
5. Verify with the sender
If the tone or the purpose of the email is slightly out of the ordinary, like a request for payment from the CEO to you, rather call or text the sender before actioning anything.
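The check in step 2 can also be done from the raw message headers, which is how a mail administrator or a reporting tool would do it. The Python below is an added example, not part of the original page; the domains, message text and finding names are constructed for illustration, and example.com is assumed to be the organisation's own domain.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""

def sender_findings(raw_message, internal_domain):
    """Return reasons why the visible sender and the reply target disagree."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    # Without a Reply-To header, a reply goes to the From address.
    reply_dom = _domain(reply_addr) or from_dom
    findings = []
    if reply_dom != from_dom:
        findings.append("reply-to-differs-from-sender")
    if from_dom == internal_domain and reply_dom != internal_domain:
        findings.append("internal-sender-external-reply")
    # A display name that itself looks like an address can hide the real one.
    shown_dom = _domain(display)
    if shown_dom and shown_dom != from_dom:
        findings.append("display-name-shows-other-address")
    return findings

# Constructed sample messages (not real mail).
REPLY_MISMATCH = (
    'From: "Jane Doe (CEO)" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@example.net\n"
    "Subject: Urgent invoice\n\nPlease pay this today.\n"
)
DISPLAY_TRICK = (
    'From: "jane.doe@example.com" <billing@example.net>\n'
    "Subject: Updated banking details\n\nSee attached.\n"
)
GENUINE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Team lunch\n\nFriday at noon.\n"
)

if __name__ == "__main__":
    for name, raw in [("reply mismatch", REPLY_MISMATCH),
                      ("display trick", DISPLAY_TRICK),
                      ("genuine", GENUINE)]:
        print(name, "->", sender_findings(raw, "example.com") or "no findings")
```

An empty result only means these header checks found nothing; the other steps in the list still apply.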