Domain Spoofing: Are You Safe?
Can hackers spoof an email address from your own domain?
One of the first things hackers will try to do is see if they can send an email pretending to be directly from your organisation, this is called domain spoofing. When they send these phishing emails they can appear to come from a person of authority, such as your CEO, and this is a type of spear phishing attack called CEO fraud.
They will take your domain, eg “yourorg.com”, and send emails which look exactly like they came from your very own domain. Consequently, the hacker is more likely to gain the confidence of the recipient and help them achieve their objective. Hence, unless your users are highly trained in security awareness, this type of attack is very hard to defend against.
Hacker Attack Process
A crybercriminal will search the dark web for your organisation’s email addresses
They will then gather the publicly available addresses of your colleagues
They use these addresses to launch a phishing attack across your organisation
Once they know they can spoof your domain they will gather all the publicly available email addresses of employees – which will be a lot – and start attacking. So, the more addresses available, the greater your attack surface and the greater the risk of data breach.
For example, they will send emails from your Board, Managers, HR or Finance and because they appear to come from an apparently credible source, your colleagues are more likely to click links and open attachments, leaving you wide open to fraud, malware and data breaches.
Would you like to know if your domain can be spoofed so you can address any mail server or DNS configuration issues that are found?
Use our free test to find out if your domain is at risk.
How the Test Works
Enter your details
You must use your organisation email address, and not a free account such as Gmail. This service is only to be used by the person in the organisation responsible for email security
We try to spoof you
We create a non-malicious simple email using your own domain, and send this to the address you entered.
Check your inbox
If the email arrives in your Inbox, then your domain can easily be spoofed. If it lands in your Junk/Spam folders then you are most likely safe. You may also receive a non-delivery report if you have measures in place to protect against domain spoofing.
or contact us for more information / no-obligation demonstration