When is a Hack not a Hack? 

Or, how to tell if you have been ‘Hacked’ or just ‘Spoofed’ 

Following the Facebook security breach this month, we saw a surge in Helpdesk calls relating to people who had been hacked, but also some who had just been spoofed.  

Confused? To many people, it is very difficult to tell them apart, but there is actually a huge difference between being Hacked and being Spoofed. 

Getting hacked 

‘Hacked’ means someone has deliberately violated your security and broken into one of your private accounts, typically your email account, with a view to impersonating you or using information that they find to defraud either you or someone else. This is very serious and can easily have very negative consequences. 

Getting spoofed 

‘Spoofed’ means that someone has impersonated you or your email address, in an attempt to trick somebody else into doing something, typically paying over money or clicking on a link to a fraudulent website to either get their confidential details, or to deliver a virus or malware. 

What’s the difference? 

At first glance, these two events can appear very similar, in that someone receives an email in their Inbox which appears to come from you.  Closer examination can often show the difference; a spoofed email will have clues, such as the ‘from’ email address, which show that it is not actually from you. 

But a hacked email will appear completely genuine, and that is because it has actually come from your email account, and therefore is indistinguishable from a genuine email, unless the bad guys give themselves away by using bad grammar or incorrect terminology. 

Sadly, we have witnessed email hacks which have resulted in significant financial loss.  Typically, the bad guys will hack into an email account, and set up various rules and forwards to disguise communication with certain people. They may set up a new conversation with a customer, telling them of new bank details for their next payment.   

The rules they have set up will divert the customer’s replies to them instead of to your Inbox, so you are completely unaware that this is happening.  And remember, because the emails are actually coming from your email account, your customer has no way of knowing that they are not from you.  The bad guys will also be able to look at and copy your style of writing, your logo, your company details etc.  This can go on for some time, and we have seen cases where this has resulted in serious, ongoing financial losses. 

A spoof is generally less serious, but can still cause confusion and concern for the recipient, weaken your reputation, and may well contain viruses or other malware or persuade the recipient to part with private information. 

What should you do if your email is hacked or spoofed? 

So, what can you do?  Firstly, be vigilant. Train your staff to also be vigilant, and to suspect anything which appears even slightly out of the ordinary such as requests for money, or a change of details. Have strict policies with Customers and Suppliers to make sure that they need additional authorisation before changing any account procedures. And always, of course, feel free to send us any suspect email that you come across for our experts to advise you. 

Let CSSCloud protect your business 

Our CloudProtect Service lets you pick a support package to support your business. This service is designed from the ground up to keep your business safe and reduce the risk of a hack taking place.

© 2019 CSSCloud Ltd.

Web Design by FurtherMore Marketing Ltd.

CSSCloud Ltd. is a company registered in England and Wales 10773055 | VAT Registration number: GB 271 0938 07