Cybersecurity for small business: Email authentication

Andrew Smith, Director, FTC Bureau of Consumer Protection, writes:

As a business person, you know about phishing, of course. At first glance, the email looks like it comes from a recognized company, complete with a familiar logo, slogan, and URL. But it’s really from a cyber crook trying to con consumers out of account numbers, passwords, or cash. In addition to the serious injury these scams inflict on consumers, there’s another victim of phishing: the reputable business whose good name was stolen by the scammer.

Fraudsters don’t just masquerade as global financial institutions or industry giants. They impersonate small businesses, too. But there is good news on the fraud-fighting front. There are steps you can take to make it harder for scammers to send phishing emails that look like they’re coming from your company. Tech types use the phrase “email authentication” to refer to tools that work behind the scenes to help a server verify that a message that says it’s from yourbusiness.com really is from you. Those tools also will block messages or send them to a quarantine folder if they bear the telltale signs of a phishing attempt.

When we sat down with small businesses to see how we can help your cybersecurity efforts, you asked for more information about email authentication. The FTC’s Cybersecurity for Small Business campaign features new resources designed to fill that need.

Read more on the FTC’s blog.

About the author: Dissent