_edited.jpg)
A successful email spoof can be the basis of many types of attacks that affect both your organization and the organizations of your customers and partners.
Phishing attack - The emails typically contain urgent requests for personal information, such as login credentials, credit card details, or Social Security numbers. The goal is to trick recipients into divulging sensitive information that can be used for fraudulent purposes.
CEO Fraud - Also known as whaling, targets high-level executives or individuals with authority within an organization. These attacks rely on the authority and trust associated with the executive's position to deceive employees into complying with the fraudulent requests.
Spear Phishing - Spear phishing attacks are highly targeted and personalized attacks. Attackers research their targets and craft emails that appear to come from a trusted source, such as a colleague or business partner. The emails often contain specific details or references that make them appear legitimate and increase the likelihood of the recipient falling for the scam.
Vendor or Supplier Scams - Attackers spoof the email address of a known vendor or supplier and send emails to the targeted organization's employees. The emails commonly request changes to payment details, such as updating bank account information or issuance of new invoices to be paid. By impersonating a trusted business partner, attackers aim to redirect legitimate payments to their own accounts through existing business processes.
All of these scams work because the most successful ones are not one-off attacks. The attackers research businesses and build their attacks around business processes and chains of trusts within organizations and between organizations. Email is one of the core ways businesses relay information so stopping spoofing is a major step forward towards reducing risk related to phishing, wire fraud, business email compromise, and other very damaging attacks.
Here are five cyber incidents that occurred due to email spoofing:
The 2016 Democratic National Committee (DNC) Hack: In this incident, attackers used email spoofing techniques to impersonate legitimate DNC email accounts. This allowed them to gain unauthorized access to sensitive information and emails, which were later leaked and had significant political implications.
The Ubiquiti Networks Breach: In 2015, cybercriminals used email spoofing to trick employees of Ubiquiti Networks, a network technology company, into transferring funds to fraudulent accounts. The attack resulted in a loss of approximately $46.7 million.
The Snapchat Phishing Attack: In 2016, attackers sent spoofed emails to Snapchat employees, posing as the company's CEO. The emails requested employee payroll information, leading to a data breach that exposed the personal information of several current and former employees.
The Mattel Data Breach: In 2015, attackers used email spoofing to target Mattel, the toy manufacturing company. The attackers posed as a legitimate vendor and sent fraudulent emails requesting payment. As a result, Mattel transferred $3 million to the attackers' account.
The Seagate Phishing Attack: In 2016, employees of Seagate, a data storage company, fell victim to a phishing attack. The attackers used email spoofing to impersonate a senior executive and requested employees' tax information. The incident resulted in the exposure of thousands of employees' personal information.
The following table shows the top three ‘initial access’ methods that leads to a cyber incident. Phishing (which includes spoofing) and Trusted Relationships (which usually relies on email) rank overwhelmingly in the top 3 methods.
Source: https://www.cyentia.com/iris/
With such a large array of attack methods, unfortunately all with historical success, it is crucial for your company to be safeguarded against these vulnerabilities. Learn how the Exhibit A Cyber team can help fortify your digital security.