While I’m in an Uber, I jump on a call from a client - the CEO of a logistics company - completely panicked.

He was convinced someone had hacked his email. Why? Because someone just sent a message from his exact email address. Same name. Same email. No obvious red flags. It looked real. But it wasn’t. It was 100 percent fake.

This is spoofing - and it’s far more dangerous than most people realize.

Here’s what happens: Hackers don’t need access to your inbox to send emails that appear to come from you. They exploit weaknesses in email authentication - especially when SPF (Sender Policy Framework) isn’t configured correctly. If SPF fails, anyone can send emails that look exactly like they came from your account. That doesn’t mean your inbox was breached. It means your identity was impersonated.

Most people assume: "If the sender looks legit, it must be safe." But that assumption is exactly what attackers count on.

In this case, the attacker sent a spoofed message that looked internal. No links. No attachments. Just a message designed to earn trust. And once it was opened, it triggered a tracking pixel - alerting the attacker that the target was active.

That’s how phishing works today. It’s not sloppy anymore. It’s surgical.

What can you do about it:
- Don’t trust the “from” field blindly - check if SPF, DKIM, and DMARC pass.
- Make sure your domain is properly protected and monitored
- Train your team to pause, question, and report
- Use security tools that detect these attempts before they hit inboxes

If you want to check whether your SPF is configured correctly - ping me.

#CyberSecurity #EmailSecurity #Phishing
Stop identity spoofing in workplace emails
Summary
Identity spoofing in workplace emails happens when someone pretends to be a trusted sender by making their messages look like they come from a colleague or manager, often tricking people or systems into sharing sensitive information or money. Stopping email identity spoofing means putting safeguards in place that help you spot fake emails and prevent attackers from successfully impersonating your organization’s staff.
- Review email settings: Regularly check and update your domain’s SPF, DKIM, and DMARC records to make it much harder for outsiders to send emails pretending to be from your company.
- Train your team: Encourage everyone to slow down, double-check sender details, and verify any request that feels rushed or unusual before acting on it.
- Label email sources: Set up clear indicators in subject lines or footers to show whether an email came from inside or outside your organization, helping users spot suspicious messages fast.
The Irish Daily Mail reported on July 12 that the National Treasury Management Agency (NTMA) fell victim to a sophisticated, multi-layered phishing attack, resulting in a loss of up to €5 million (Craig Hughes, Irish Daily Mail, July 12). However, the ntma.ie domain remains vulnerable to similar exploits.

There are three essential protocols to prevent bad actors from impersonating your brand or corp email:
1. SPF (Sender Policy Framework)
2. DKIM (DomainKeys Identified Mail)
3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

For those outside the emailgeek space: these are domain records that help block impersonators. They usually take no more than 5 minutes to set up; Gmail, Yahoo, and Microsoft now require them anyway.

I see issues with each on ntma.ie but the DMARC record needs immediate attention. For ntma.ie, though a DMARC record exists, its policy is set to "p=none" but they do have reporting enabled. This means: Check the email, report failures, but let everything through anyway, including a spoofed email.

You might ask, why is "none" there at all? The p=none DMARC policy is often used to monitor email authentication without affecting delivery; but if left too long, it offers no real protection and leaves the domain open to spoofing.

The solution is straightforward: Update the policy to "p=quarantine" (move suspicious emails to spam) or "p=reject" (block them outright). This change can be implemented in just 5 minutes and would immediately start mitigating impersonation attacks.

Every public organization should audit their email security protocols today. Start with your DMARC policy: Is it actively protecting you, or just passively observing threats? If you need guidance or a quick check, feel free to connect or message me; I'll check it for free.

PS: Want to check your own domain quickly? Follow these three simple steps.
1. Send an email from your actual sending system (Salesforce, Sensorpro, Mailchimp, or your company email) to a Gmail address.
2. Open it in the Gmail desktop app, click the three vertical dots (top right) and select "<> Show original."
3. If SPF, DKIM, and DMARC are properly configured, you'll see "PASS" for each. If any are marked FAIL or missing, that's a concern.
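The "Show original" check above, and the earlier point about a DMARC record sitting at p=none, can both be scripted so that a team does not have to eyeball raw headers. The Python below is an added example and is not code from any of the posts on this page: it reads the Authentication-Results header that Gmail (and most receivers) stamp on a message, reports the SPF/DKIM/DMARC verdicts, and separately grades a DMARC TXT record by its p= policy. The header samples, domains, IP addresses and DKIM selector are constructed placeholders, not real messages or real domains.

```python
"""Triage SPF/DKIM/DMARC results from raw mail headers and grade a DMARC record.

Added example (not from the original posts). Sample data below is constructed.
"""
import re

# Constructed sample shaped like the raw headers shown by Gmail's "Show original".
LEGIT_HEADERS = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=sel1 header.b=AbCdEf;
       spf=pass (google.com: domain of alice@example.com designates 203.0.113.10 as permitted sender) smtp.mailfrom=alice@example.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
From: Alice <alice@example.com>
Subject: Q3 invoice
"""

# Constructed sample of an impersonation: same From domain, but the sending host
# is not an authorised sender, so SPF fails, DKIM is absent and DMARC fails.
# Because the domain publishes p=none, the receiver still delivered it.
SPOOFED_HEADERS = """\
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of ceo@example.com does not designate 198.51.100.7 as permitted sender) smtp.mailfrom=ceo@example.com;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com
From: CEO <ceo@example.com>
Subject: Quick favour
"""

CHECKS = ("spf", "dkim", "dmarc")


def unfold(raw):
    """Join RFC 5322 folded header lines (continuation lines start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)


def auth_results(raw):
    """Return {'spf': verdict, 'dkim': verdict, 'dmarc': verdict}; absent checks are 'missing'."""
    results = {check: "missing" for check in CHECKS}
    for line in unfold(raw).splitlines():
        if not line.lower().startswith("authentication-results:"):
            continue
        for name, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", line, re.I):
            results[name.lower()] = verdict.lower()
    return results


def dmarc_policy_in_results(raw):
    """Extract the sender domain's p= policy that the receiver recorded next to its dmarc verdict."""
    match = re.search(r"dmarc=\w+\s*\(p=(\w+)", unfold(raw), re.I)
    return match.group(1).lower() if match else None


def triage(raw):
    """List the concerns a reviewer should raise for one message's headers (empty if all pass)."""
    results = auth_results(raw)
    concerns = [f"{check} {verdict}" for check, verdict in results.items() if verdict != "pass"]
    if results["dmarc"] == "fail" and dmarc_policy_in_results(raw) == "none":
        concerns.append("dmarc failed but sender domain publishes p=none, so the message was delivered anyway")
    return concerns


def parse_dmarc_record(txt):
    """Split a DMARC TXT record such as 'v=DMARC1; p=none; rua=mailto:...' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc_record(txt):
    """Grade a DMARC record: ('monitor-only' | 'enforcing' | 'invalid', explanation)."""
    tags = parse_dmarc_record(txt)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "invalid", "record lacks v=DMARC1 or a p= tag; receivers will ignore it"
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor-only", "p=none: failures are reported (rua) but spoofed mail is still delivered"
    if policy == "quarantine":
        return "enforcing", "p=quarantine: mail that fails DMARC is sent to spam"
    if policy == "reject":
        return "enforcing", "p=reject: mail that fails DMARC is refused outright"
    return "invalid", f"unknown policy value {policy!r}"


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_HEADERS), ("spoofed", SPOOFED_HEADERS)):
        print(label, auth_results(raw), triage(raw) or "no concerns")
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"):
        print(record, "->", assess_dmarc_record(record))
```

Paste the raw text from "Show original" into `triage()` and it returns an empty list only when all three checks read PASS; the DMARC grader is the programmatic form of the question "is this policy actively protecting you, or just observing?" Note that `auth_results` trusts the Authentication-Results header of whichever receiver you copied it from; a sender could add a forged header of the same name, so this is a triage aid for messages pulled from your own mailbox, not a substitute for the receiver's own enforcement.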
Your customers aren’t the only ones being scammed. Your employees are too.

Not with fake checks. Not with phishing links. But with psychological scripts and fake authority. Criminals aren’t hacking systems. They’re hacking human behavior.

According to a report by Verizon in 2024, 90% of cyberattacks involved social engineering.

All it takes for your business to be compromised is...
- One call from a “regional director.”
- One email spoofed from a supervisor.
- One urgent request for a money transfer.

And your employee follows it because it sounds real or the company culture makes them uncomfortable to ask questions and they just follow orders.

Suddenly…
🚨 A wire is sent.
🚨 The scammer disappears.
🚨 The customer account is compromised.

🛡️ How to Combat This:
✅ Fraud scenario training for all departments (not just fraud teams)
✅ Two-party verification on any internal financial request
✅ Teach employees to “Pause, Think, Verify” before acting under pressure
✅ Establish an internal fraud escalation line

You can't stop what you don't know.

#FraudHero #socialengineering #fraud #scams #fraudprevention
Continuing our "I.T. Security With a Hammer" series, although this one is more like a rubber mallet.

I attended a meeting on corporate email security. One very simple, zero cost, but potentially effective suggestion made during the meeting is to create two Microsoft Exchange Email Transport Rules:

1) Create a conditional transport rule that says if the email is from outside of the organization, prepend the subject line of the email with [EXTERNAL], [NOT INTERNAL], or some other form of indication that the sender's email address is not on your internal domain. This can also be accompanied by a footer message reminding users not to click on links or open attachments until they verify the sender's email address and that it is from a trusted source.

2) Create a conditional transport rule that says if the email is from inside of the organization, prepend the subject line of the email with [INTERNAL], [ORGANIZATION NAME], or some similar indicator that shows that the email originated from within the internal domain. A simple footer message can also be added to help indicate and verify internal emails.

While a hacker could attempt to "spoof" these messages to try and trick users, they can't eliminate the fact that the message subject line will always add a code even if they try to make it appear as if it is internal.

Anyway, we all agreed in the meeting that this is a simple, zero cost, and potentially effective way to help try to better identify phishing, spear phishing, whaling, and other forms of email fakery. Looking forward to the feedback in the comments.