E-mail spoof’s sinister side

E-mail spoofing involves changing the identity of the e-mail sender and is commonly used by spammers to hide their identities or to make an e-mail appear legitimate, meaningful and personal. But it also has a more sinister side.

When spammers spoof an identity, it is annoying and a waste of time and money. However, when hackers and con artists do it, more than a few dollars can be involved. They may be trying to get valuable information by pretending to be a trusted business partner or by masquerading as a company employee. An Australian company recently implemented an e-mail sweeper after a disgruntled employee sent e-mails to all employees under the name of the general manager, saying the company was going broke.

Changing the ‘display name’ in a Web mail account is easy to do. Unless the recipient is alert, they won’t notice that, while the e-mail appears to come from a trusted source, in reality it is from a Web mail account.

The spoofer can also use an e-mail client to change the ‘from address’ and the ‘reply address’ in addition to the ‘display name’. These changes are harder to detect, as the network will recognise the e-mail as coming from a valid partner’s e-mail address. A spoofer pretending to be a user internal to your company can easily be blocked. To do this, block all e-mails that arrive from the Internet carrying internal-only domain names.

A spoofer pretending to be a trusted partner external to the company is harder to block. If the spoofer is determined, they will change the ‘reply address’ to one they have access to.
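The three checks described above (internal-only domain arriving from the Internet, familiar display name on an unexpected address, and a ‘reply address’ on a different domain) can be sketched as a filter rule. This is an added example, not code from the article or from any Clearswift product; the domains, the contact table and the function names are assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the article.
INTERNAL_DOMAINS = {"corp.example"}
KNOWN_CONTACTS = {"pat lee": "partner.example"}  # display name -> real domain

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_inbound(raw):
    """Findings for one message that arrived from the Internet.
    Only the From and Reply-To headers are inspected."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    # Internal-only domain on mail that came in from outside.
    if from_dom in INTERNAL_DOMAINS:
        findings.append("internal-domain-from-internet")
    # Familiar display name, but the address is on some other domain.
    if name in KNOWN_CONTACTS and from_dom != KNOWN_CONTACTS[name]:
        findings.append("display-name-mismatch")
    # Replies would go to a different domain than the stated sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-mismatch")
    return findings

def sample(from_header, reply_to=None):
    """Build a constructed test message (not real mail)."""
    lines = ["From: " + from_header, "Subject: Quarterly figures"]
    if reply_to:
        lines.append("Reply-To: " + reply_to)
    return "\n".join(lines) + "\n\nPlease send the report.\n"

SAMPLES = {
    "webmail display name": sample('"Pat Lee" <pl1970@webmail.example>'),
    "internal spoof": sample('"General Manager" <gm@corp.example>'),
    "partner with reply-to": sample('"Pat Lee" <pat.lee@partner.example>',
                                    "<pat.lee@lookalike.example>"),
    "genuine partner": sample('"Pat Lee" <pat.lee@partner.example>'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_inbound(raw) or "no findings")
```

Legitimate mail such as mailing-list traffic can also carry a reply address on a different domain, so that finding is better treated as a signal for review than as a block rule.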

One way to stop this is to only allow confidential information to be sent to trusted domains and e-mail addresses. This involves knowing what is confidential and who the valid recipients are. Confidential documents can be marked ‘Confidential’ within the document, in the header or in the properties of a document. You could also secretly tag your confidential documents with a ‘white image’ (this could be as simple as marking the document anywhere with a white X) which, being the same colour as the background, will not be seen when the document is displayed or printed.

The most comprehensive way to secure e-mail communication is to allow such documents to be sent only in encrypted form to trusted domains and e-mail addresses, combined with a good e-mail filtering system.

Chy Chuawiwat is managing director, Clearswift (Asia-Pacific)
