Email Phishing and Spoofing Are Serious Threats to Your Business

September 23rd, 2019 by Guillermo Fernandez

Once upon a time not too long ago, fishing and spoofing were enjoyable activities. Relaxation; fresh air and fresh seafood; a friendly prank for fun; a few laughs with friends. Then electronic communications like email, texting, and emojis took over our lives. LOL. Hahaha. Click here to download my malware.

Today, phishing and spoofing are no longer funny and no laughing matter. They’re wreaking havoc on businesses around the globe.

You’re probably all too familiar with the threat of phishing (and how spoofing plays a villainous role), so you’ve already taken some important steps to protect your company against these threats. If not, the time has arrived to do so.


The most important step you can take is to make sure – really sure – every single member of your organization understands the severe risk your entire operations – from top to bottom – faces by this threat.

If you asked everyone in your company to define phishing and spoofing, what percentage would even know what spoofing is? Or the difference between the two? How many of those people could truthfully say they properly scrutinize every email that appears in their inbox – before they click a link in it or reply to it?

The degree of risk phishing poses probably warrants an actual conversation with each employee – from top to bottom. Or better yet, schedule company-wide dedicated training – to distinguish this critical topic from the cascade of other information that drenches (drowns!) everyone daily.


Yes, we just mentioned training. Do not expect your team members to take email security protocol to a higher level of personal responsibility without educating them about the importance to do so. They must know the specific actions you want them to take, in order for them to willfully accept that responsibility.

Acceptance of personal responsibility by your team members is your system’s last layer of defense – and it takes just one small crack in the armor to expose your entire operation to malware. To illustrate that point, just look toward Baltimore and the 20+ towns in Texas that have been impacted by ransomware to the tune of tens of millions of dollars – and tons of stress.

Forget the money; that’s way too much stress for any organization to impose on itself – especially when existing technology and services could have prevented those incidents. Learn more about Information Management. Go ahead, click it. It’s a safe link to another page on our website. Maybe.

A CEO is as susceptible as an apprentice – and probably less savvy about technology and online activity. Does everyone in your company – from top to bottom – know how to determine if the text link above is or isn’t safe? Do they all habitually follow the proper protocol before clicking – or not clicking – a link? Do they all understand the implication of their actions?

Vigilance by everyone in your organization is required to fight the ever-present threat of deceptive hackers and their insidious malware. We’re basically talking about behavior modification, which doesn’t happen overnight. Proper training and continuous reinforcement of your established protocols are the only way to ensure everyone always conducts their email activity in accordance with those protocols.

Even if you do everything you can on the back end to prevent spoofing, staff members will probably still receive phony emails fishing for a bite. A click – just one click – is all it takes. Everyone in your organization must know the steps to take and the visual cues to look for to determine if each and every email and text message they receive is legitimate or a spoof.


However, even though training is the most important step to take regarding your staff, you, of course, first need to keep your cybersecurity software up-to-date to defend against all known types of cyber attacks. Then you need to prevent as many phishing emails as possible from ever reaching your team’s email inboxes or IM apps.

If a phishing attempt does pass through all layers of your software security and is subsequently delivered to a staff member’s inbox, you need to have a visual clue warning system in place to highlight suspect messages. Each flagged message can then receive appropriate scrutiny before it’s opened; followed by a safe response according to established protocols.

Gmail for Business, Office 365 Business, and Microsoft Exchange each have a method to add SPF/DKIM/DMARC DNS records to deter spoofing. They also let you create recommended inbox filters, warning flags, and other visual cues. If you’ve not yet taken these steps, you can check your particular email admin center to learn and implement those recommended adjustments throughout your organization.


If you’ve already done everything administratively possible on your network to prevent phishing emails and text messages from reaching your staff members, then – before you begin formal training – you should document the protocols you want them to follow all of the time.

It’s the “all of the time” aspect of secure staff communications that is the really hard part to achieve. Your training needs to be ongoing – just like the never-ending threat of hackers. By documenting your training information, everyone in your organization will be on the same page – literally.

Eventual new team members can quickly ramp up to speed about your email and texting protocols by studying your training documentation – before they access their email account for the first time.

Training documents should be updated as needed to reflect new threats to online communication security, along with any related protocol adjustments. Additional training and reinforcement should follow for all team members. Update. Train. Reinforce. Perpetually repeat the process.


Like lurking backstreet muggers whose weapon of choice is malicious malware, hackers are out there right now roaming the Internet for easy-to-overcome victims. They seek inadequately-protected private networks and poorly-trained personnel who don’t have an ingrained awareness of the damage they want to impose upon your entire business operations. Keep Baltimore, Texas, ransom, and stress in mind.

If you are not 100% positive you’re sufficiently protected against phishing and other online attacks, click here to take our Technology Strength Assessment. You’ll receive a Technology Strength Score based on your assessment answers.

If your score needs improvement and you don’t have a qualified person to handle the job, contact us. If you’re appropriately hesitant to click that link, you can call us at our Indianapolis headquarters to begin the conversation right away. Our phone number is (800) 467-7474.


Van Ausdall & Farrar provides on-site, expert instructor-led end-user and administration training. We also provide secure managed networks and document solutions.

We’ll help you take a phishing vacation, so you can take a fishing vacation. You’ll once again relax and laugh like you did in the good old days.

Posted in: Insights from VAF Blog, Data Security & Compliance Solutions, Information, Training, Cybersecurity