Cybercriminals are impersonating you and stealing your customers’ data!

Email spoofing is a technique used by cybercriminals to trick recipients into thinking that an email is from a legitimate sender. This is done by forging the sender's email address, display name, or both. These spoofed emails can be very convincing and very difficult to spot as fake.

Why would they want to do this?

There are several reasons why cybercriminals might want to spoof an email address. The most common reasons are to carry out phishing attacks and spread malware.

Phishing attack - cybercriminals will send an email that is disguised as coming from a legitimate organization, such as a bank or credit card company. The fake email will have links to sites that look like legit bank logins, Microsoft login pages, etc.

Spread malware - cybercriminals might spoof an email address to spread malware. By leveraging your brand's reputation, cybercriminals trick users into opening attachments that contain a virus because they think it is from a reputable source.

How do you protect your brand from this type of attack?

There are several layers of protection you should add to your domain to protect your brand from these types of attacks. The focus of this article is DomainKeys Identified Mail (DKIM), an email authentication protocol that helps to verify the identity of the sender of an email and to ensure that the email has not been tampered with in transit.

DKIM works by digitally signing emails with a private key that is associated with the sender's domain. The matching public key is published in a TXT record in the DNS. This allows the receiving email server to look up the public key and do some math to verify that the email was sent from a legitimate source. It also validates the contents of the email so the receiving user knows that the contents were not tampered with during transit. I know it sounds complicated, but it is relatively easy to set up using tools provided by email service providers.
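To make the tamper check concrete, here is an added example (not code from this article or from any email provider) of the body-hash half of DKIM verification: it reads a `DKIM-Signature` header value, works out which DNS name holds the public key, and recomputes the `bh=` hash over the received body. The domain `example.com`, the selector `selector1` and the message text are constructed sample values, and the signature check of `b=` against the public key is deliberately left out.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """Canonicalize a CRLF-delimited body as 'simple' or 'relaxed' (section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, strip line-end whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # trailing empty lines are ignored
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"\r\n" if mode == "simple" else b"")

def check_body_hash(sig_value, body):
    """Return the DNS name holding the public key and whether bh= matches the body."""
    tags = parse_tags(sig_value)
    # c= is "header/body"; a missing body part defaults to "simple"
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    algo = tags["a"].split("-")[1]  # e.g. rsa-sha256 -> sha256
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return {
        "dns_name": f"{tags['s']}._domainkey.{tags['d']}",
        "body_intact": base64.b64encode(digest).decode() == tags["bh"],
    }

# Constructed sample: example.com, selector1 and the message text are made up.
SENT_BODY = b"Your invoice is attached.\r\n"
SAMPLE_BH = base64.b64encode(hashlib.sha256(SENT_BODY).digest()).decode()
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1;\r\n"
    f" h=from:to:subject; bh={SAMPLE_BH}; b=PLACEHOLDER"  # b= is not verified here
)

if __name__ == "__main__":
    print(check_body_hash(SAMPLE_SIG, SENT_BODY))
    print(check_body_hash(SAMPLE_SIG, b"Your invoice is attached. Pay here instead.\r\n"))
```

A matching body hash only shows the body is what the signer hashed; a receiver still has to verify the `b=` signature with the public key from that DNS name before trusting the `bh=` value itself.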

Overall, setting up DKIM for your domain is an essential step in protecting your email reputation, improving deliverability, and safeguarding your brand from impersonation. It's a relatively simple process that can have a significant impact on your email marketing and communication effectiveness.

These are a few links that will help you configure DKIM for your domain if it is hosted with Microsoft 365 or if it is hosted on Google Workspace.

Configure Microsoft 365 to use DKIM

Turn on DKIM for your Google Workspace Domain

If you need help protecting your business please reach out to us by filling out the form below.
