The Ninja Sensei’s Logbook: Don’t be Spooked by Email Spoofing

Email spoofing has already victimized numerous individuals and organisations. Don’t be one of them!

Identity theft is a serious problem. Organisations are not immune to such a sneaky tactic. With the sophistication of techniques employed by bad actors in email spoofing, businesses can fall prey to these traps, which often target their employees who are handling log-in credentials.

What exactly is email spoofing, and how does it work?

Email spoofing is a tactic employed in spam and phishing campaigns to deceive consumers into believing an email originated from a person or organisation they know or can trust. In spoofing attacks, the bad actor falsifies email headers to make it look as if they came from a legitimate source.

It works by taking advantage of the receiver’s trust upon thinking that the sender is a legitimate one, where due to this trust, the victim discloses sensitive information, which typically ends in remorse.

According to Singapore Police Force (SPF), at the start of 2022 alone, there have been at least 149 people who have fallen prey to a scam involving spoofed work emails, with losses amounting to at least $70.8 million.

Are there any ways we could prevent this? Yes!

👉Educate your employees about email spoofing, particularly those responsible for making wire transfers, such as purchasing and payroll personnel.

👉Prevent unauthorised access to your email account by using strong passwords, changing them frequently, and, if possible, implementing two-factor authentication. Consider installing complimentary email authentication technologies like Domain-based Message Authentication, Reporting, and Conformance.

👉Install and maintain anti-virus, anti-spyware/malware, and firewall software on your computer.

👉Maintain an up-to-date operating system by installing patches when they become available.

These are some preventive measures that the SPF has given so that organisations could limit instances of being a victim of email spoofing.

P.S. For any further questions or if you need help with your cybersecurity and data protection compliance journey, don’t hesitate to reach out to us. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250
📧 Email:

This post first appeared on Andy’s LinkedIn wall. Follow us on the following pages for more updates! Facebook | Twitter | LinkedIn | YouTube | Website



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.