Protecting Inboxes from Domain Name Spoofing


Not everyone has the same vocation, but some of us have ones where we’ve been referred to as ‘white collar’ types who are in an office 9 to 5 Monday to Friday. For us it’s normal to need to go through a long list of unopened emails every morning, and if you’re more of a blue collar than white type of person then you can be thankful you don’t need to do that. But that’s neither here nor there with what we’re going to discuss for our blog entry here this week.

Email may have had the soundest of beginnings, and it has been invaluable in allowing speedy yet detailed interpersonal communications. But these days nearly everything has the potential to be corrupted to some extent and by whatever means, and your inbox is the farthest thing from being immune to that. If you’re one of the office guys or gals we talked about to begin with, you may have already had to deal with domain name spoofing. What’s also likely is that you’ve received a company-wide email warning you to be on the lookout for it.

99+% of customers of every good Canadian web hosting provider are going to have an inbox of their own, and many of those inboxes may be the same hotbed of activity and incoming emails that ours are. Domain name spoofing is one of the more pronounced risks where recipients can be fooled into greenlighting scams and other types of nefarious digital activity, so let’s use this entry to talk about what you can do to keep yourself safe from it.

What is Display Name Spoofing?

Mail display name spoofing involves cybercriminals impersonating others and manipulating the sender's display name so that the email appears to come from a trusted source. In worst-case scenarios, and they unfortunately work out this way often, recipients then open the mail and possibly end up clicking on malicious links or revealing sensitive information.

Getting into more specifics, this is the way it works, and what you’ll probably quickly come to see is that display name spoofing isn’t difficult to do. The perps will first identify a target, and the best ones for them are organizations or individuals with a level of trustworthiness or a reputation that’s ripe for exploitation. From there an email message is crafted, and they make every effort to make it seem genuine and to have it contain a message that will seem legitimate to the recipient.

There are even means by which they can use the same logos and formatting that you’d see in an email coming from that specific source, and the best ones do really well in imitating the same type of language that would be used, oftentimes with even the same type of syntax structures.

But the most essential part of this construction is in the way the email address isn’t changed, while the sender’s display name is. And quite often the change is very small and subtle and you would need to look at it with more than just a glance to detect an inaccuracy. What the attacker does is change the sender's display name to match that of the trusted source.

The Sending

Once the email has been built it is sent to the target, and the problem is that the recipient sees only the spoofed display name and not the actual email address. If their guard is down and/or they’re not paying close attention, they may open the email and then interact with it in the way the spoofer wants.

It’s common to incorporate a deceptive subject line too, and quite often they will use one that instills urgency or curiosity, encouraging the recipient to open the email. Too many people become victims here, and the reason is that recipients often trust emails that appear to come from familiar names or organizations. When that happens they are more likely to engage with the messages.

You don’t even need a lot of skill or proficiency to be able to do this, and that may also be a part of why domain name spoofing is occurring a lot more frequently these days.

How to Protect Yourself

The first thing you can do is look at email addresses much more carefully to verify them. Always check the sender's full email address, and this means not looking at only the display name. If it is unrecognizable, or is oddly put together and doesn’t ‘look’ right, don’t open the email. If you’re convinced it is fraudulent, you should block the sender and report it to your IT team if you are in an office workplace environment.
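The same check can be automated at a mail gateway or in a triage script. The Python below is an added example, not code from the original post: it compares the display name in a From header against the address behind it, and goes slightly beyond the text by also catching near-identical names and display names that contain an email address. The TRUSTED_SENDERS directory, the finding labels and the sample headers are constructed assumptions.

```python
import re
import unicodedata
from difflib import get_close_matches
from email.utils import parseaddr

# Constructed directory (assumption): trusted display names and the
# domains each one legitimately sends from.
TRUSTED_SENDERS = {
    "example bank": {"examplebank.example"},
    "jane doe": {"corp.example"},
}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w.-]+\.\w+)")

def normalize(name):
    """Fold case, accents, width variants and extra spaces."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return " ".join(folded.lower().split())

def check_from(header_value):
    """Return a list of findings for one From: header value."""
    display, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # 1. Display name equals or nearly equals a trusted name, but the
    #    address behind it is not on that sender's domain list.
    match = get_close_matches(normalize(display), list(TRUSTED_SENDERS),
                              n=1, cutoff=0.85)
    if match and domain not in TRUSTED_SENDERS[match[0]]:
        findings.append("name_domain_mismatch")
    # 2. Display name contains an address on a different domain
    #    than the one the message really comes from.
    embedded = ADDR_IN_NAME.search(display)
    if embedded and embedded.group(1).lower() != domain:
        findings.append("address_in_display_name")
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Jane Doe" <jane.doe@corp.example>',
    'Jane Doe <jane.doe.ceo@freemail.example>',
    '"Examp1e Bank" <alerts@secure-login.example>',
    '"billing@examplebank.example" <x@other.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from(header) or ["ok"], header)
```

The name matching only folds case, accents and width variants and tolerates a character or two of difference; look-alike letters from other alphabets would need a separate confusables check.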

It’s also advisable to be skeptical of emails that demand immediate action or contain urgent requests. This is a way that the senders try to trick you into making hasty decisions. You should also hover over links to get a visual of where you’re going to be redirected to. If the URL looks suspicious, don’t click it.

Email authentication protocols like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are also recommended to avoid domain name spoofing. Enabling Multi-Factor Authentication is advisable too as it adds an extra layer of security to your email account, and the attackers will have more difficulty gaining access to it.
