Question: What should I do if someone is impersonating my company in a phishing campaign?
Erich Kron, security awareness advocate, KnowBe4: The Internet, as we know, was not designed for security. Unfortunately, that has left us with some issues. One major issue is the ability to spoof email addresses rather easily.
If your organization is experiencing issues where people are impersonating it when sending phishing emails, ensure your email services are set up to use Sender Policy Framework (SPF) records or DomainKeys Identified Mail (DKIM) and also to use Domain-based Message Authentication, Reporting & Conformance (DMARC). These authentication technologies are used to validate that emails come from servers that are authorized to send from your email domain. While this won't stop the bad actors from trying, it will allow victim email systems to better identify and block these fake messages.
James McQuiggan, security awareness advocate, KnowBe4: If your organization is being impersonated in a phishing campaign, it's important to reduce the risk to your employees and customers from being scammed through communication of such potential attacks. Either posted on the website, in emails, or text messages, inform them about the potential threat that could be seen via a phishing scam and explain that the organization will never ask for passwords or other sensitive information via a link in email. Another good practice is to teach people to not click on links in emails or text messages unless they are expecting the link. Advise them to use bookmarked websites or get access through a search engine.
Also, be on the lookout for typosquatting or script spoofing, which is where the criminals purchase various domain names of the organization website with transposed letters or use homographic characters. These characters could be from another language, like Cyrillic or Hebrew, and may be difficult to spot in the URL. One solution is to purchase the websites that would contain the transposed or common Cyrillic-lettered websites and redirect them back to the organization's main page.
The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity. View Full Bio