Email spoofing involves sending messages with a forged email address. When you receive an email that says it is from your friend John Doe, you can avoid opening a dangerous message by looking to see if the sender's email address is not his own. But when the message shows a sender email that matches his, you might feel comfortable opening the message and clicking on a link inside. That’s the danger of spoofing.

In many cases, email spoofing can involve changing just one letter or character in an email. For example, an email made to look as though it is from your colleague [email protected] would come from [email protected] or [email protected]. When quickly reviewing your emails, you might not immediately see the error. But if the content of the email is not something John Doe usually doesn’t discuss with you, or if there is an attachment or link you wouldn’t normally receive (like an invoice or proposal), take a closer look at not just the sender name but the sender email address.

It’s important that your staff are trained and reminded to be vigilant about opening or clicking on any links or attachments that they are not expecting. If you and an email sender do not normally share files or have a contract pending, be wary if you receive them out of the blue.

Protecting your business from email security threats is important not just to the safety of your computer network. It can affect your client, customers, and colleagues if one of your email addresses is compromised. Business email compromise is a common method of cybercrime that costs businesses millions of dollars each year. If your team member names and email addresses are publicly available through your website, any cybercriminal can make an attempt at spoofing them.

One simple way to protect against these threats is to talk with people. If you receive an email from a friend or colleague that has a link or attachment that you were not expecting or that does not look familiar, pick up the phone and give them a call. Call the number that you have on file for that person, not a phone number in the suspicious email. If their account has indeed been compromised, your call can alert them to a problem so that they can address it sooner.

In the end, speaking with our co-workers and colleagues can go a long way toward electronic security.