How can we protect ourselves from phishing and email spoofing?


In a recent post we discussed the threat posed by phishing and email spoofing, the differences between the two tactics and how to detect them. Here we focus on how to protect ourselves from them, both as individual users and as a company, organisation or entity.

How can we protect ourselves as users?

Although the spam filters on email accounts are designed to detect phishing and spoofing attempts and keep them out of the inbox, cybercriminals are, as we have noted, constantly looking for new ways to evade these filters and refine their deception tactics. With that in mind, there are several measures we can take to protect ourselves against these threats:


1. Find out how to detect phishing and email spoofing threats.

The first step in protecting yourself from these malicious tactics is to be well informed about what they are and how to detect them. In that post we describe the methods most commonly used to deceive users by email. Keep them in mind so that you do not click without thinking.


2. Set up a security programme for your computer.

Install a security programme and set it to update itself automatically, so that it can detect new security threats and protect you from them.


3. Use a multi-factor authentication system to access your accounts.

Multi-factor authentication is a security system that involves combining different pieces of information to log in to an account, offering a higher level of security and protection. This makes it more difficult for cybercriminals to gain access to your accounts. The types of data that multi-factor authentication combines are as follows:

- Data known to the user: password, PIN, answer to a secret question, etc.
- Data that the user has: key, security token, bank card, smart phone, etc.
- Elements of personal recognition: fingerprint, face, iris, voice, etc.


4. Configure automatic updates for your mobile phone software.

Keeping your phone's software up to date gives you extra protection against security threats, thanks to newly built-in features and fixes. Set updates to install automatically.

How can we protect ourselves as a company, organisation or entity?

There are a number of protocols that you have probably already heard of, or already have in place, which, when correctly configured, prevent cybercriminals from impersonating a legitimate sender using that sender's own domain name. These are the well-known identity verification protocols SPF, DKIM and DMARC. It is essential to have them implemented when sending email campaigns, not only for security, but also to prevent our emails from being flagged as suspicious by email analysis tools because they were sent without SPF and/or DKIM.

We will now look at what each of the protocols consists of and how they can help us:


SPF (Sender Policy Framework)

SPF is an authentication protocol that determines and defines who may send email on behalf of a specific domain, and in this way links the domain name to an authorised sender. If someone sends an email from a server other than the authorised ones, the message will either be treated as spam or not be delivered. Implementing this protocol lets us tackle the problem and threat of email spoofing, bearing in mind that SPF checks the envelope sender (the return path), not the From address the recipient sees.


DKIM (DomainKeys Identified Mail)

DKIM is an authentication mechanism that binds a domain name to a message. When DKIM is in use, a cryptographic signature is added to the header of every outgoing message, computed with a private key held by the sending domain. The receiving mail servers verify that signature using the public key published in the sending domain's DNS and confirm that the signed content has not been altered since it was sent. In this way we ensure not only that our domain is not hijacked, but also that our email message has not been modified in transit.


DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC is an authentication method that tells receiving mail servers what to do when they receive a message that appears to come from a company, organisation or entity but fails the authentication checks, or does not meet the requirements stated in the domain's DMARC policy record. Such unauthenticated messages may be impersonating that company, organisation or entity, or may originate from unauthorised servers. DMARC builds on and complements the SPF and DKIM protocols.
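To make the three protocols described above concrete, here is an added example (not code from the original post) of how a receiving server combines them: a simplified SPF evaluation of the sending IP against a published record, and a DMARC decision that requires SPF or DKIM to pass for a domain aligned with the visible From address. The DNS records and domains are constructed placeholders, only ip4 mechanisms are handled, alignment is strict (exact domain match), and the DKIM result is passed in as the already-verified signing domain rather than recomputed.

```python
import ipaddress

# Constructed DNS TXT records for illustration; example.com is a placeholder domain
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

# SPF qualifiers map to results; "+" is implied when none is written
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(envelope_domain, sender_ip):
    """Simplified SPF: evaluates ip4 mechanisms and 'all' against the sending IP."""
    record = DNS_TXT.get(envelope_domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier, mech = ("+", term) if term[0] not in "+-~?" else (term[0], term[1:])
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIER_RESULT[qualifier]
        if mech == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict; empty if not a DMARC record."""
    if not record.startswith("v=DMARC1"):
        return {}
    return {k.strip(): v.strip() for k, v in
            (part.split("=", 1) for part in record.split(";") if "=" in part)}


def dmarc_disposition(from_domain, envelope_domain, sender_ip, dkim_signing_domain=None):
    """Return 'pass' or the published DMARC policy (none/quarantine/reject).

    DMARC passes when SPF or DKIM passes AND the passing domain aligns with
    the visible From domain; strict alignment (exact match) is used here.
    dkim_signing_domain is the d= domain of a DKIM signature that verified,
    or None if no signature verified.
    """
    spf_aligned = (spf_check(envelope_domain, sender_ip) == "pass"
                   and envelope_domain == from_domain)
    dkim_aligned = dkim_signing_domain == from_domain
    if spf_aligned or dkim_aligned:
        return "pass"
    policy = parse_dmarc(DNS_TXT.get("_dmarc." + from_domain, ""))
    return policy.get("p", "none")  # no DMARC record means no enforced policy
```

A spoofed message that shows example.com in the From header but comes from an unlisted IP, or uses a different envelope domain with no aligned DKIM signature, ends up with the published policy (here "reject"), while a legitimately signed message from a third-party sender passes on DKIM alone.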


We will look more deeply into these protocols and discuss how to authenticate your domains with SPF, DKIM and DMARC, as well as their limitations.