This is where the name man-in-the-middle derives from, as cyber criminals can intercept web traffic between the network and the user. The spoof begins when the criminals alter the traffic to re-route funds from transactions, or to steal sensitive personal details such as financial information or account credentials.
The description of this attack should make it clear to every business with staff on the move that such breaches can occur no matter where they are operating from.
How to avoid it?
To avoid becoming a victim of a spoofing email, always question an email from a member of staff asking you to spend your own money, or company money, in a way that is out of the ordinary. If you are unsure, then question the transaction via phone call BEFORE proceeding. Only proceed with the action once you have verbal confirmation that you should. By speaking to someone first, even if the email states not to call the sender, you are ensuring the request is legitimate, and ultimately denying the cyber criminals their goal: to extort you or your business out of a lot of money.
By being vigilant and not being afraid of questioning transactions requested via email, you are doing the right thing. A key moment in the act of spoofing is when employees carry out requests made by cyber criminals without double-checking. Your boss would much rather you bother them with a quick check via a call than the alternative of losing money and opening up your company systems to these cyber criminals.
Help your employees and colleagues understand the difference between legitimate and bogus requests by looking into Phishing Awareness Training. The training sends your staff real-life examples of phishing campaigns, so they can be tested on noticing the tell-tale signs of erroneous communications. It’s all done on the job and can help create a real culture of safe cyber activity among your staff.