Learn more about Spoofing and Phishing on email addresses
Everyone has encountered them, whether with a mail account from MijnHostingPartner.nl or with another email account: Phishing and Spoofing emails. In this blog post we will explain what steps you can take to prevent this.
Messages that come in can quickly add up for a company or personal account. If you have an email address listed on a website or public source, this can be the source of a lot of SPAM, Spoofing and Phishing. In this article we will explain how you can recognize and prevent this. This is done by making some changes or additions in the DNS zone records of a domain, and by educating yourself on what exactly these emails look like.
How can you recognize Spoofing and Phishing emails?
Spoofing and Phishing emails can be recognized by a number of things. Remember that these can always vary, so recognizing them requires constant vigilance from yourself and your colleagues. If your attention wanders on even 1 email, it can quickly cost you a lot of trouble, time and financial stress. It is therefore important that you take this seriously and also keep your colleagues well informed.
Furthermore, there are often two ways in which an email tries to trick you:
Way 1: A legitimate sender name in combination with the address firstname.lastname@example.org.
Way 2: A legitimate sender name combined with a spurious email address, i.e. email@example.com.
So it could be that an email arrives that appears to come from your own email address or from a colleague, claiming that you have been hacked or that your webcam has been taken over. Or it simply asks you to transfer the amount of an invoice for the cleaning.
Spoofing and phishing emails can be recognized by the following items:
- Spelling and grammar mistakes. Spoofing messages are often characterized by these and can therefore be quickly filtered out when you read them.
- You did not initiate the message. For example, you did not make a request to a website to reset your data.
- Contains strange URLs and email addresses. Take a closer look at the sender by opening the header of a message. Hover over a link to see exactly where it goes.
- Contains a link or email address you do not recognize.
- Uses coercive or threatening language
The use of coercive or threatening language in particular has become more and more common lately. The senders do this, of course, to evoke a degree of urgency and emotion, so that you will react or perform an action. So be aware of that with every suspicious mail you might receive and double check every link.
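The two ways described above can also be checked mechanically from the message header. The Python sketch below is an added example, not something from MijnHostingPartner.nl: it flags a known name in front of an unexpected address (way 2) and reads the DMARC verdict that the receiving mail server records in the `Authentication-Results` header (way 1). The directory of known senders, the server name `mx.example.org` and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed for this example): a small directory of known
# colleagues and the name our own mail server writes into Authentication-Results.
KNOWN_SENDERS = {"firstname lastname": "firstname.lastname@example.org"}
TRUSTED_AUTHSERV = "mx.example.org"

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header; ignore ones we did not write
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts

def check_message(raw):
    """Return a list of findings for one raw message (headers are enough)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # Way 2: a known name shown in front of an address that is not theirs.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # Way 1: the real address in From, which only the DMARC verdict exposes.
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"dmarc-{dmarc}")
    return findings

# Constructed sample headers.
WAY_1 = (
    'From: "Firstname Lastname" <firstname.lastname@example.org>\n'
    "Authentication-Results: mail.example.net; dmarc=pass\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org;\n"
    " dkim=none; dmarc=fail header.from=example.org\n"
    "Subject: Invoice for the cleaning\n\n"
)
WAY_2 = (
    'From: "Firstname Lastname" <email@example.com>\n'
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "Subject: Invoice for the cleaning\n\n"
)

if __name__ == "__main__":
    for label, raw in (("way 1", WAY_1), ("way 2", WAY_2)):
        print(label, check_message(raw))
```

The second sample passes SPF, DKIM and DMARC because the sender controls the spurious domain, so only the name check catches it; the DNS records and the personal check cover different cases.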
What steps can you take to prevent this?
There are a number of steps you can take to prevent and counteract this. These things are set through the DNS zone records in the control panel. The DNS zone records that matter most are the DKIM, DMARC and SPF records. We give more information under the heading below, which links to the knowledge base and helps you further with the specific information available there.
Existing resources of MijnHostingPartner.nl
To make it easy, we also created a knowledge base article for this specific topic. Here all information is put together and you can also read more about the settings that can be used.
Within this article you will also see a number of sources for the steps that need to be taken. These are conveniently illustrated with screenshots, so you can effortlessly follow along with the steps to get the mail monitoring on your hosting tip top.
Further steps and checks that need to become second nature.
Besides the technical settings you can make to stop this, there are also a number of habits you have to teach yourself and your team. With respect to Phishing and Spoofing, the key is to make sure everyone is aware of it. From the owner of the company to the reception and sales staff, everyone can be affected by this. The following steps can be taken into account to ensure that the personal check goes well:
- Keep up to date with the latest developments and news on SPAM and Phishing methods. We will always do our best to keep you updated in our blog posts and announcements. But please also check the news sites that report on these matters yourself to stay informed.
- Double and triple check before you click on a link. Often 1 click on a link is enough to cause damage. Establish this rule throughout your company, also among colleagues who mail each other: check first before clicking on a link and taking an action.
- Be careful with personal information. Do not give your full name, and certainly no credit card or bank details, in response to suspicious mails.
- Keep the browsers you use up to date. This ensures the latest security patches. Besides the browsers, it is of course also important to keep everything that has to do with your hosting up to date. From the CMS to the version on your phone that you use to receive mail.
- Change your passwords on a regular basis and use our password generator to create strong passwords. There are also password tools you can use, such as LastPass.
- Never download files from suspicious websites. First of all, check the given link and email again, and keep track of where the final link lands. It is also important to check the SSL certificate of the website. A green lock alone does not mean that the site is actually safe, because many free SSL certificates are issued, for example by Let's Encrypt.
- Regularly check the credits and debits of your business or personal account. You should be able to trace every transaction back.
Do you have more questions about working with email and how to do it safely? Check out our knowledge base or contact our helpdesk via chat.