Spoofing and hacking: how secure is your email account?
These days we are all aware of the potential dangers of fraud when it comes to our emails. So, what are the main issues that you might face when dealing with malicious email?
For the purposes of this article, I will be focusing specifically on email through Microsoft Office 365 as this is the mail platform we resell to clients, and which is fast becoming the most popular email service for businesses. Let’s define a couple of terms and then look at what can be done to mitigate some of the risks to your firm.
Spoofing
Spoofing occurs when you, or a third party, receive an email that at first glance looks to have come from your account. In fact, it has not: your account has not been hacked or compromised. The sender has simply made it appear that the email was sent by you. Closer examination reveals that the sending address was something completely different, typically a Gmail or other free account that scammers use. While a message like this will not pass detailed inspection, it may be enough to trick people into thinking that it came from you or someone else at your firm. While not as serious as a full email breach, this is a common method employed by scammers which most of us have encountered at some point.
Solution: DKIM Technology
This is where a technology called DKIM (DomainKeys Identified Mail) can come in. With this feature enabled on your Office 365 account, all outgoing messages will be digitally signed with an invisible key unique to your firm. When a mail server receives a message, it will check this key and verify that it really came from your firm. If this check fails, the message is not delivered to the recipient.
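To make the difference between a spoofed and a signed message concrete, here is an added example (not part of the original article) that triages messages by their From header and by the DKIM result the receiving server records in the Authentication-Results header. The domain names, staff name and sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "examplefirm.test"              # assumed placeholder domain
FIRM_NAMES = ("jane smith", "example firm")   # assumed names recipients recognise

def dkim_pass_domains(msg):
    """Domains for which the receiving server recorded dkim=pass.
    Only trust Authentication-Results headers added by your own mail server."""
    found = set()
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", header, re.I):
            found.add(m.group(1).lower())
    return found

def classify(raw, firm_domain=FIRM_DOMAIN, firm_names=FIRM_NAMES):
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    if from_domain == firm_domain:
        # Address really is on the firm's domain: require a passing DKIM result for it.
        if firm_domain in dkim_pass_domains(msg):
            return "signed-by-firm"
        return "firm-address-without-valid-dkim"
    # Different domain, but the display name imitates the firm: the spoof described above.
    if any(name in display.lower() for name in firm_names):
        return "display-name-spoof"
    return "unrelated"

# Constructed sample messages (headers only), not real mail.
GENUINE = (
    'From: "Jane Smith" <jane@examplefirm.test>\n'
    "Authentication-Results: mx.recipient.test; dkim=pass (signature was verified)"
    " header.d=examplefirm.test; dmarc=pass header.from=examplefirm.test\n"
    "Subject: Completion statement\n\nBody\n"
)
SPOOFED = (
    'From: "Jane Smith - Example Firm" <jane.smith.office@freemail.test>\n'
    "Authentication-Results: mx.recipient.test; dkim=pass header.d=freemail.test\n"
    "Subject: Updated bank details\n\nBody\n"
)
UNSIGNED = (
    "From: jane@examplefirm.test\n"
    "Authentication-Results: mx.recipient.test; dkim=none (message not signed)\n"
    "Subject: Invoice\n\nBody\n"
)

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("unsigned", UNSIGNED)):
        print(label, "->", classify(raw))
```

Note that the spoofed sample carries a passing DKIM result, but for the free mail provider's domain rather than the firm's, which is why the check compares the signing domain with the domain in the From address.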
Hacking
This kind of attack worries people the most and is potentially the most damaging to your firm. It means that someone has illegally gained access to your email account and can access your contacts list, and emails you have both sent and received. Scammers may monitor your account for some time, reading messages and gathering useful information such as bank details and details of transactions you are conducting for clients. They may then contact the client asking for funds to be transferred. The client, seeing that the email came from their solicitor, could then make payment to the bank account that the scammer provided to them.
Prevention
Fortunately, there is a solution available to all Office 365 customers that can help prevent this situation: Multi-Factor Authentication. Multi-Factor Authentication (MFA) provides an additional layer of security for your Office 365 account by requiring not only your email address and password but also a second authentication step. This can be either a code sent via text message or through an app installed on your mobile device. When you sign in to Office 365, you will be prompted for this second-stage verification. While a hacker may have access to your email address and password, unless they also have your mobile phone, they will not be able to gain access to your account.
The good news
If you have Office 365 email administered by LawWare, then both DKIM and Multi-Factor Authentication are available to you. Please contact me to find out more: Colin Ferguson, 0345 2020 578 or innovate@lawware.co.uk.