How to prevent internal email spoofing in an Exchange organization

Ensuring email security might be one of the most important and most difficult tasks an administrator must face. Every day, servers process thousands of emails and controlling such a big mail flow is not easy. No wonder hackers focus on this channel when they plan attacks. They use various tricks to make users think that opening a suspicious attachment is a good idea.

One of the tricks they use is email spoofing.

Prevent Internal Spoofing in Exchange organization

What is email spoofing?

Email spoofing is a very popular attack method. The sender modifies message headers so that emails appear as sent from someone else. Hackers use it, for example, to impersonate employees of a company to obtain login credentials, personal data, or other confidential information. Two most common ways to protect your organization from external spoofing attacks are:

  • An SPF record – a list of IP addresses which are authorized to send emails from a domain.
  • DKIM check – an email authentication method. It enables you to sign and verify email messages using public and private keys. The public keys, published in the DNS records are used to verify if the message comes from the original sender. You cannot configure it on the Exchange Server natively – you require a plugin for SMTP gateway.

Both ways give good results when fighting with external spoofing. The problem starts when we come across internal spoofing when one employee tries to impersonate a colleague. It might be a joke, or to achieve some benefits – either way, it can sabotage a company in a number of ways:

  • Cause chaos,
  • Induce material damage,
  • Harm data integrity,
  • Damage the company reputation.

 

 

See Full article in https://www.codetwo.com/admins-blog/how-to-prevent-internal-email-spoofing-in-exchange/

 

Deixe um comentário

O seu endereço de email não será publicado. Campos obrigatórios marcados com *