Email Spoofing
Unfortunately, it has come to our attention that some customers have been sent emails that appear to be from someone from within Bio Technics, but are actually being sent from someone outside the Company. These people have no affiliation with us and are using a practice called Email Spoofing.
Our IT Support Company has advised us that currently within the UK they are seeing a spate of Email Spoof & Cyber Crime attempts. We want to help advise you on what to look out for and how you can protect yourself from possible email scams - please see below, or click on the handy links provided to navigate this page quicker:
How to protect yourself from spoofing
How to protect yourself when Transferring Funds
What to do if you think you have received a spoofing email
What is email spoofing?
Email spoofing is an old but very common trick used by cyber criminals. Spoofing is when an email is made to look as though it’s coming from a certain person, but is actually being sent from somebody completely different from outside of the company – usually not somebody friendly!
The process is very rarely an individual sitting at a computer trying to impersonate people, but rather some code which uses scripts, robots, metatags etc. to pull information from websites. With the increase in social media, it is not hard to pretend to be someone else and unfortunately email spoofing is relatively easy to do and is part of the reason why phishing attacks are so prevalent. It is a problem that affects both large multi-national companies and small organisations alike.
What is the aim of spoofing?
The aim of spoofing is to get the email recipients to act in the same way they would normally do when opening an email from someone they trust i.e. to click on links etc. Normally the end goal of an email spoof is to attempt to get money out of the recipient, or infect their computer.
Spoofing emails will often:
- Contain links to an infected website
- Attach an infected file
- Ask for sensitive information
- Request payment of some sort e.g. an invoice
Spoofing emails thrive on human error and cyber criminals will often take a lot of care and attention to make the emails look and sound convincing by researching online both the Company and/or the person they are impersonating. By doing online searches it isn’t hard to find relationships between companies and their customers. The more convincing the email, the more success they will have!
How to protect yourself
Employees within a company are the first line of defence when it comes to IT and it is important to exercise vigilance and ensure that everyone is able to spot small inaccuracies or suspicious circumstances to avoid the potential dangers of spoofing emails.
Luckily, there are some very quick ways to check if the email is legitimate:
Check the ‘From’ Field:
Checking the ‘From’ field on your email is one of the quickest and most effective ways to determine whether the email you’ve received is from who the person you think it is. Below are some examples of what a normal email should look like and what a spoofing email could look like:
The name of the sender and the email address should match and should use the domain of the company which the email is being sent from e.g.biotechnics.co.uk / endurocide.com
The email address of person doesn’t match the email address of who it is being sent from, or the domain of the company is wrong.
Email Signatures:
Any email which comes from a member of our team will always have an official signature on the bottom of the email, such as:
The only exception to this will be if we send you Marketing Emails using one of our info@ addresses: these emails are often sent through programs such as MailChimp. However, please be assured that whenever we send Marketing Emails, we always use our branding throughout and include lots of information about our company – to very clearly show that this email is legitimately from us. Furthermore, these emails will always be from our domain, e.g. @biotechnics.co.uk / @endurocide.com .
Links:
If we send an email with hyper-links in it, we will make it clear what the link is about and also when you hover over the link it should show you where the link will take you to; which is normally a page within our website using our domain address e.g. biotechnics.co.uk / endurocide.com
The links in Spoof and Phishing emails either go to very abnormal web addresses, or when you hover over them they do not go to a domain associated with the company the email has come from.
How to protect yourself when Transferring Funds
The UK has seen a significant increase in Cyber Fraud which can affect email accounts and bank details. Please note out bank details have not changed. If you are ever in doubt about our bank details, or any payment details you have received, please always call: +44 (0) 1561 361515 to verify them with a member of our Finance Team, before processing any payments.
Bio Technics will not accept any responsibility if money is transferred into an incorrect bank account.
Whilst file-sharing sites offer great flexibility and ease for sharing large file information, the recent explosion in the market of these types of sites has brought extra security risks that people need to be aware of.
On many file-sharing sites, it is very easy to pretend you are someone else - you simply need to have a contact to send an email to and then enter the email address of who you want the email to come from - that's it. Whilst the majority of people will use this for legitimate purposes, this open process makes it very easy to impersonate another person's email.
Also, as the are no checks on many of these sites, it can be easy for cyber criminals to send malware that looks like legitimate files e.g. criminals are careful to name the files as something relating to your business, such as 'Sales Brochure' etc.
How to protect yourself:
At Bio Technics we very rarely use file-sharing sites, however, if we do, we will always advise you that we are sending a file, what type of file we are sending and also what file-sharing site we are using. This means that you will know what to expect.
If you do receive an email from a file-sharing site, no matter how convincing the email is, if you are not expecting files to be sent to you like this, never click on the links or attachments.
Our advice is to instead either send a quick email to the person who reportedly sent you the email, or give them a phone call to double-check whether the email is legitimate or not.
As phishing attempts become more sophisticated, our methods of detection and awareness have to become more sophisticated also. It is worth taking a moment to double-check the validity of an email, especially if you compare it to the time that could be lost and the potential damage caused by clicking on an unsafe link or attachment.
If you suspect an email from a file-sharing site is a phishing attempt, most file-sharing sites will have a link either at the bottom of their email or on their site in which to report the email as fake, so that they can stop going out to others.
What to do if you think you have received a spoofing email
Follow the simple checks above and if you think you have received a Spoofing Email:
- Do not reply to the email
- Do not click on any links or attachments included in the email
- Delete the email from your system entirely e.g. from your inbox and deleted items
- There is no need to forward the Spoofing email to us, but if you would like us to be aware, please send us a screen-grab of the offending email
- Please advise your own IT Company/Department as soon as possible so that they can check your IT defenses and advise you best practice
Want to know more?
For further information and advice on Spoofing, IT Company TSG have written a blog and prepared a video that you may find helpful.
If you have any concerns at any time, please don’t hesitate to get in touch:
- Telephone: +44 (0) 1561 361515
- Email: info@bio-technics.com
Disclaimer:
Whilst every effort has been made to ensure the information presented above was correct at time of publication, Bio Technics Ltd. does not assume any liability to any party for any errors or omissions. The above information is supplied for guidance purposes only and is without guarantee: we would always recommend contacting your own IT Department/Support Company for any further advice. Any opinions expressed in this document are not necessarily those of Bio Technics Ltd. and are not for onward publication without consent.