Spam vs Scam vs Spoofing
Scam, more and more elaborate each time
Often you will receive an email that you are 95% sure is a Scam and you may wonder why this slips through to your inbox instead of being blocked by all the systems out there.
The answer is that the email is not spam.
But what is the difference?
A scam email can be a situation where an innocent home user or business has been hacked and the hacker then uses their legitimate email address to send out as many emails as possible to others.
Because this email address is legitimate and has been used for honest purposes, it is not flagged and, therefore, gets through.
The goal for the hackers is to use this legitimate source to lure others into something bad.
Of course, eventually, the legitimate owner of the email address realises they have been hacked and changes their password to lock out the hackers. But the damage has been done and, in the meantime, others have already fallen for the traps as the source was from a genuine and legitimate person.
Spam, the ever-growing threat
On the other hand, spam emails are where a hacker will create a free @gmail.com address (for example) and use that for the same purpose. However, these accounts are new and unknown to all receivers, so they are easily identified as bad and therefore classified as spam.
So, generally speaking, emails sent from a genuine address belonging to a legitimate person will get delivered to many inboxes!
If you are unsure about an email as it doesn't feel or seem right, e.g. it is out of character, then simply phone up the sender. And when they say that they didn't send it, you then both know the unfortunate situation.
Make sure you share and communicate such scenarios to your entire team so they are up to speed with hacking techniques.
There is a caveat to all of this. Instead of creating a free @gmail.com address, hackers can get through security measures by appearing as a completely genuine company with legitimate email addresses, and thus are able to get through most defences.
The way this is achieved is by hackers creating a legitimate company, buying a legitimate domain name and setting up legitimate email addresses at this new company, often through a free 1 month trial with either Microsoft or Google.
From there, the hackers have a genuine system that they can use for malicious purposes, until they are caught out! In the meantime, they will have sent enough malicious emails which, as you now understand, will get through to inboxes and, unfortunately, someone will fall for their exploits.
Spoofing, they can pretend to be you!
Finally, email spoofing is another situation that is impossible to prevent. This is where someone sends an email from any legitimate email address, e.g. a @gmail.com address, but uses your name as the sender's name and puts your signature on the email.
When people receive the email, it will show both the 'Name' and the email address where it was sent from. However, many people just look over this and put 1+1 together, seeing the name and signature, then wrongly assuming it is really from you!
Of course, it is not, because it was not sent from your email address. Anyone can do this with any email address and there is nothing that can be done to stop it. We are relying on the receiver of the email to spot it and report it as malicious/spam. After enough people do this, such emails will then be blocked.
However, hackers simply create a new email address and carry out the same process again, knowing that people are in a rush and don't spot such obvious emails which are designed to impersonate a legitimate sender.
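The comparison the receiver is asked to make (the sender's name against the address the email really came from) can also be automated on the receiving side. The following is an added example, not part of the original article; the staff directory, names, addresses and sample messages are constructed assumptions.

```python
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

def normalise(name):
    """Lower-case, strip accents and punctuation, and sort the words so
    'Doe, Jane' and 'Jane Doe' compare equal."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = "".join(c if c.isalnum() else " " for c in text)
    return " ".join(sorted(text.lower().split()))

# Assumed directory: staff display name -> addresses they really send from.
KNOWN_SENDERS = {
    normalise("Jane Doe"): {"jane.doe@example.com"},
    normalise("Sam Patel"): {"sam.patel@example.com"},
}

def check_from(raw_message):
    """Return (verdict, display_name, address) for a raw email message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    # Display names may arrive RFC 2047-encoded (=?utf-8?q?...?=); decode first.
    display = str(make_header(decode_header(display)))
    address = address.lower()
    expected = KNOWN_SENDERS.get(normalise(display))
    if expected is None:
        return ("unknown-name", display, address)          # not impersonating staff
    if address in expected:
        return ("match", display, address)                 # name and address agree
    return ("display-name-mismatch", display, address)     # staff name, foreign address

# Constructed sample messages, not real mail.
SAMPLES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: Minutes\n\nAttached.\n",
    'From: "Doe, Jane" <jane.doe.office@gmail.com>\nSubject: Urgent payment\n\n'
    "Please pay today.\n-- \nJane Doe\n",
    "From: =?utf-8?q?Sam_Patel?= <s.patel.ceo@gmail.com>\nSubject: Favour\n\nHi.\n",
    "From: Newsletter <news@example.org>\nSubject: Offers\n\nHello.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_from(raw))
```

A "display-name-mismatch" verdict is a reason to flag the message for the recipient (for example with a warning banner), since the name belongs to a known colleague but the address does not.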
We hope this explains how, although we can put in as many security measures as possible, it is still possible for hackers to find ways around them.
If you want to ensure your systems are fully protected and free from vulnerabilities, consider getting in touch with our team:
Stay safe!