Information about Spoofing and Phishing

There are a number of useful steps you can take with our hosting and your domain name to combat Spoofing and Phishing. Spoofing can be done in several ways, and you can distinguish between two different types.


Way 1:
A legitimate name in combination with the legitimate email address, i.e. legitieme-email-adres-@legitiem-domein.nl

Way 2:
A legitimate name combined with a fake email address, i.e. spam@spam-domein.nl.

These two ways can be caught by activating DKIM, DMARC and the SPF record in the DNS zone records. More information can be found on the following link:
https://www.mijnhostingpartner.nl/client/knowledgebase/domeinen/dns/dkim-en-certificaat-sleutel-instellen/

A DMARC record is created by default when creating an email address. This can be further configured as desired. An example would be:

"v=DMARC1; p=none; rua=mailto:info@mijnhostingpartner.nl; ruf=mailto:info@mijnhostingpartner.nl;"

The tags used in this record are:
p: here we have entered none. If you want a stricter policy, you can also choose quarantine or reject. Quarantine means suspicious messages are placed directly in the SPAM folder. With reject the whole mail is rejected and cannot be found in the mailbox.

The following tags can be set to the same email address:
rua and ruf: here you set the email address to which the reports should be sent. Each time, a report of the mail traffic and the errors made or encountered is sent to this address.

With p=quarantine you can make it a lot safer by sending unsafe messages directly to SPAM.

If you want more information about the further tags, we recommend the official website of DMARC.

An SPF record is easy to set up. Since this always concerns the same mail server it can be copied directly from below:
v=spf1 a include:spf.mijnhostingpartner.nl ~all
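
As an added example (not MijnHostingPartner's own code), the Python below parses the DMARC and SPF values quoted above and reports what each policy means for mail that fails the checks. The function names are hypothetical; the two records are the ones shown on this page.

```python
# Added example: audit the DMARC and SPF TXT values quoted in this article.
# Function names are hypothetical; the two records are copied from the page.
DMARC = ('v=DMARC1; p=none; rua=mailto:info@mijnhostingpartner.nl; '
         'ruf=mailto:info@mijnhostingpartner.nl;')
SPF = 'v=spf1 a include:spf.mijnhostingpartner.nl ~all'

POLICY_EFFECT = {
    'none': 'monitor only: failing mail is still delivered',
    'quarantine': 'failing mail is placed in the spam folder',
    'reject': 'failing mail is rejected outright',
}
ALL_EFFECT = {'-': 'fail', '~': 'softfail', '?': 'neutral', '+': 'pass'}

def parse_dmarc(txt):
    """Split a DMARC TXT value into (tag, value) pairs, keeping their order."""
    pairs = []
    for part in txt.strip().strip('"').split(';'):
        if '=' in part:
            tag, value = part.split('=', 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(txt):
    """Return (policy, findings) for one DMARC record."""
    pairs = parse_dmarc(txt)
    if not pairs or pairs[0] != ('v', 'DMARC1'):
        return None, ['ignored by receivers: v=DMARC1 must be the first tag']
    tags = dict(pairs)
    policy = tags.get('p', '').lower()
    if policy not in POLICY_EFFECT:
        return None, ['missing or invalid p= tag']
    findings = ['p=%s: %s' % (policy, POLICY_EFFECT[policy])]
    for tag in ('rua', 'ruf'):
        if not tags.get(tag, '').lower().startswith('mailto:'):
            findings.append('%s has no mailto: address for reports' % tag)
    return policy, findings

def audit_spf(txt):
    """Return the SPF result that senders not listed in the record receive."""
    terms = txt.strip().strip('"').lower().split()
    if not terms or terms[0] != 'v=spf1':
        return 'not an SPF record'
    for term in terms[1:]:
        if term.lstrip('+-~?') == 'all':  # terms after "all" are ignored
            return ALL_EFFECT.get(term[0], 'pass')  # bare "all" means +all
    return 'neutral'  # no "all" term; redirect= is not followed here

if __name__ == '__main__':
    print(audit_dmarc(DMARC), audit_spf(SPF))
```
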

The SPF record is a TXT record which can be created without a name. This can be done in the following manner.

What else characterizes Spoofing messages?

As you learn more about how this is done, you will recognize it faster and faster. Pay attention to the following things:

  • Spelling and grammar. Spoofing messages are often characterized by errors in these and can thus be quickly filtered out when you read them briefly.
  • You did not initiate the message; for example, you did not make a request to a website to reset your data.
  • Contains strange URLs and email addresses. Take a closer look at the sender by opening the header of a message. Hover over a link to see exactly where it goes.
  • Contains a link or email address you do not recognize.
  • Uses coercive or threatening language.

Spoofing messages are extremely successful for malicious parties: 1 in 3 companies fall victim to this. That's why this is a popular method.

How else do you arm yourself against it?

In addition to the direct steps you can take to combat Phishing and Spoofing, it is important to take the following into account.

Stay up to date on the latest developments and news about SPAM and Phishing methods. We will always do our best to keep this updated in our blog posts and announcements. So always keep an eye on this for the latest updates.

Double and triple check before you click on a link. Often 1 click on a link is enough to cause damage. Establish this rule throughout your company, including among colleagues who email each other: check first before clicking on a link.

Be careful with personal information. Do not give your full name, and certainly no credit card or bank details, in response to suspicious mails.

Keep the browsers you use up to date. This ensures the latest security patches.

Change your passwords on a regular basis and use our password generator to create strong passwords.

Never download files from suspicious websites. First of all, check the given link and email again, and keep track of where the final link lands. It is also important to check the SSL certificate of the website. A green lock alone does not mean that the site is actually safe, because of the many free SSL certificates that are issued, such as those of Let's Encrypt.

Regularly check the credits and debits of a business or personal account. You should be able to account for every transaction.