Phishing is a common form of cyber attack. The attacker gathers personal information, which can include passwords or credit card numbers through emails that are disguised as from a trusted sender, such as a bank. They often include a link to an external scam website.
Some phishing attempts are easy to spot. You have probably received an email riddled with spelling errors or the formatting doesn’t look right. When you check the sender, it is clear the email is not from the reputable company that it claims to be from. It is likely you would have received some type of scam email urgently asking you to verify your banking details, possibly even from a bank you don’t do business with.
But what happens when you receive a scam phishing email seemingly from a colleague or someone you regularly do business with? Domain spoofing is a common form of phishing where the attacker impersonates a company or one of its employees by sending emails from the company’s domain or a domain that closely resembles it. The emails are visually crafted to look exactly like the legitimate version so it is very difficult to detect.
The goal of these emails could be to open a malicious email attachment, download malware, transfer money to the attacker’s account or to visit a scam website and enter personal or login details. If your company domain is spoofed, the attacker may use it to target your employees or your clients.
Are your company emails protected from a domain spoofing attack? Use our free checker to find out.