The email looks like this one below, or a slight variation of it: Subject: Invoice 0000516 from John Smith (email@example.com) You have received an invoice from John Smith (John.Smith@realemail.com) for ££2,827.14. To view, print or download a JS copy of your invoice, click the link below: link Best regards, John Smith (John.Smith@realemail.com)
Protecting yourself from spoof emails
Spoof emails are malicious emails that look like they’re from someone you know, or an organisation you trust. Unlike phishing (the purpose of which is to gain personal details such as account information or passwords), spoofing is an attempt to;
By misleading the recipient into believing they know the sender, people are more likely to respond, putting their computer at risk of infection.
To protect yourself from spoofing attempts, make sure you:
Double check the email address. When you see the sender’s display name or sender email address in your inbox, it doesn’t necessarily mean that’s the person or address it came from. If the display email address is inconsistent with the display name (for example, an company display name but with a random email address such as <firstname.lastname@example.org>, then it is an obvious spoof attempt.
The email might spoof the display sender email address too, to make it more convincing.
If this is the case then Microsoft (if you’re an Office 365 user) often provides a warning message: “This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing.”
If it’s confirmed as a spoofing attempt, the email should be deleted immediately.
Avoid clinking links that seem suspicious. Spoofers try to make the email look like it’s from someone you know, but think carefully if it’s something you are expecting from the sender. In the case above, are you expecting an invoice? Is this the usual way you’re notified, and does the tone and content of the email seem consistent with past communications?
Finally, ensure your antivirus systems are up to date, if in any doubt raise a case with the CenCom support helpdesk to help you check.