Email trouble: Secrets of spoofing, the dangers of social engineering, and how we can help

Email spoofing is a method of scamming individuals by impersonating a trusted correspondent via email. Incidences of successful Business Email Compromise (BEC) implemented by email spoofing are rising astronomically. Existing security systems are not widely implemented and cannot provide perfect protection against a technological threat that relies on social engineering for success. When existing security systems are implemented the settings are generally not restrictive enough to catch the more sophisticated email attacks. Businesses are not comfortable with legitimate emails being lost due to security false positives. Our idea for a solution would add a layer to existing precautions that would permit looser server-side security settings but would warn the user when discrepancies occur in the header source code that could result from a spoofed email. We suggest a client-side sentinel to vet email header source code and alert the user to potential problems. This software could log alerts, notify company officials, remind users of company policies to be followed in the event of suspicious email, and could increase user accountability by logging incidents. Users could have the option of white-listing frequently flagged trusted correspondents which would decrease the annoyance of false positives.