Hey I Need This From You Real Quick… And Hacked

by | Jul 29, 2020 | Behavioral InfoSec, Bespoke Email, Email Address Manager, Email Market, Email Tradecraft, Executive Email Security

What If A Hacker Pretended To Be You?

Spoofing is the security term for when someone pretends to be someone else. The whole point of building relationships is to build trust. But what if in that relationship, a hacker pretended to be you? Imagine you are on onboarding for a security product. You will need access to network settings and servers. Onboarding takes weeks so you and your IT counterpart are on good terms. You have needed access before and they have provided.

Then one day like many before, the IT guy gets an email from you asking for a network key to continue the onboarding. Thinking nothing of it, he send the key. Except it wasn’t you, it was a hacker. The hacker now has full access to your clients admin server. This happens more than anyone can imagine. But good luck explaining that to your client after their data and customers have been pillaged.

Trust But Verify

The reason spoofing is possible is a lack of verification. Verification often comes down to having or knowing something difficult that no one else does. The reason you are able to get into your home is because you have a physical key no one else does. The reason you are able to get into your phone is because you know the code which no one else does. To secure email from spoofing these elements must be put into place. These elements don’t exist traditionally, thus we must add them ourselves.

Enveloperty does this by enabling its users to have infinite unique, personalized addresses to had out to their contacts. This creates a two factor system of security. In order to spoof you, a hacker must send to and from the right address. They must know the address your client has set aside for you to send email to. They must also spoof or possess your bespoke address you are using to email the client. They must do this without tripping DMARC alarms.