5 ways to avoid being the target of spoofing

ver several days, a number of your members report receiving an email from a board member Oasking them to open an attachment. Most realize it’s spam and delete it, but since it appears to come from your chapter, one or two fall victim to the scam.

Email spoofing happens when scammers forge communications with your members and the sending details on a message, the same way potential members. someone can write a false return address on an envelope. The message might appear to Check your SPF records and adjust if be from you, but isn’t really. By leveraging necessary. The (SPF) publicly available information, scammers hope standard identifies the mail servers that can to get the recipient to provide something of send email on behalf of your chapter, and an value, like sending them account information SPF-protected domain is less attractive to phishers or transferring funds. and spoofers. Understanding some of its intricacies and adjusting as necessary can help The volume of spam quadrupled in 2016 protect your chapter’s reputation and improve (2017 IBM Threat Intelligence Index). There are your email deliverability. StarChapter maintains a number of things you can do to protect your SPF records on your behalf. chapter from spoofing, and there are changes you can make in the aftermath of a spoofing If you’ve gotten a spoofed message, make sure attempt to maintain the safety of your email that your email system is set to perform SPF program and the integrity of your checks. SPF records (above) don’t do any good if

5 ways to avoid being the target of email spoofing your email system isn’t checking them. Speak with • Asking for a transfer of funds, usually via your IT provider about this if you have received Western Union spoofed messages. • Asking for information that the “sender” should already have, like account Check sender information carefully. Free email information accounts are literally less than a dime a dozen. • Requesting a login or password over email Anyone can get an address from Hotmail, Gmail, • Links that are labeled one way, but whose or a similar provider with your name in it. It could addresses (visible when hovering over a link) even be an address that looks like yours, but with are completely different a dot instead of a hyphen. If you don’t recognize • Messages that include grammatical or the that a message is coming from, spelling mistakes proceed with caution. You can also check the email headers. This is one of the best ways to tell Share some common strategies to protect your if an email isn’t from the person it looks like it’s members. from. Emails have two parts – the body, with the text and any attachments, and the header, which • Never click on misleading links or contains information like the email address and downloading unfamiliar attachments the IP address of the sender, path of the email, • Set spam filters a little stronger, to send recipient, subject, date, etc. Look closely. (Here’s more emails to spam versus their inbox an in-depth article on email headers and • Learn to use your browser’s security spoofing.) features • Keep your computer’s antivirus software up Educate your chapter. Not everyone is familiar to date with common scams, so education is important. You need to be vigilant, to keep your Ask your members and guests to report possible chapter and your email recipients as protected spoofed emails to you. Let members and guests as possible. Give your members and potential know you’re looking out for them. members the tools they need to recognize potential scam emails. Common signs of a scam include:

5 ways to avoid being the target of email spoofing