What Is Email Spoofing?
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
Although most spoofed emails can be easily detected and require little action other than deletion, the more malicious varieties can cause serious problems and pose security risks. For example, a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data such as a password or credit card number.
Alternatively, a spoofed email may include a link that installs malware on the recipient’s device if clicked. One type of spear phishing attack used in business email compromises involves spoofing emails from the CEO or CFO of a company requesting a wire transfer or internal system access credentials.
While email spoofing is most popularly used to execute phishing attacks, a cybercriminal may also use this technique to avoid spam email blacklists, commit identity theft or tarnish the image of the impersonated sender.
How Are Email Addresses Spoofed?
So how does it work? How can you spoof, and subsequently spam, an email address?
All a scammer needs is a Simple Mail Transfer Protocol (SMTP) server, meaning a server that can send emails, and the right mailing equipment. This could simply be Microsoft Office Outlook.
You need to provide a display name, email address, and login information (basically, a username and password). The latter lets you into your own email account, but your displayed name and email address can actually be whatever you like.
Code libraries like PHPMailer streamline the process. You simply have to fill out the “From” field, write your message, and add in the recipient’s address. We don’t advise you do this, obviously, because, depending on your jurisdiction, it’s illegal.
Most email clients don’t support the practice. They typically ask you to verify that you can log into the address you are pretending to send messages from. There are ways around this, but scammers bypass it using “botnets” as mail servers. A botnet is a system of infected computers, acting generally without the users’ knowledge to forward viruses, spam, and worms to other devices.
How to Tell If an Email Is Spoofed?
If a spoofed email does not appear to be suspicious to the user, it is likely it will go undetected. However, if the user does sense something is wrong, they can open and inspect the email source code. Here, the recipient can find the originating IP address of the email and trace it back to the real sender.
Another sign to look for is a soft-failed Sender Policy Framework (SPF) check. SPF is a protocol defined in RFC 7208 that provides a solution to authenticating email senders. If an email soft-failed this check, something fishy may have been detected, but the message was still allowed to be delivered.
Why Did Strangers Get Email from Me?
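The header inspection and SPF check described above can be scripted. The following is an added example, not part of the original article: it parses a constructed message (all names and addresses are made up) and reports the SPF result, the earliest relay IP, and any mismatch between the From and Return-Path domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the example.* names and the 203.0.113.x /
# 198.51.100.x documentation addresses are made up for this illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown (HELO mail.example.net) ([203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received-SPF: softfail (mx.recipient.example: domain of transitioning
\tbounce@mailer.example.net does not designate 203.0.113.45 as permitted sender)
From: "Example Shop Support" <support@example.com>
To: user@recipient.example
Subject: Please confirm your password

Click the link below.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def inspect_headers(raw):
    """Summarise the spoofing-relevant headers of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Each hop prepends its Received header, so the last one is the earliest.
    # Hops not added by your own mail servers can be forged by the sender.
    received = msg.get_all("Received", [])
    hit = IPV4.search(received[-1]) if received else None
    spf = (msg["Received-SPF"] or "none").split()[0].lower()
    findings = []
    if spf in ("softfail", "fail"):
        findings.append("SPF result is " + spf)
    # A mismatch is a signal, not proof: mailing services legitimately differ.
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append("From domain differs from Return-Path domain")
    return {
        "from_domain": from_dom, "return_path_domain": rp_dom, "spf": spf,
        "origin_ip": hit.group(1) if hit else None, "findings": findings,
    }
```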
In rare cases, you might get an angry message from a stranger who claims you sent them a virus. Yep, this is due to email spoofing.
When one machine is compromised, malicious software scours the address book and sends malicious software to contacts using that email client. These often claim to be from a friend of the infected computer’s user.
You don’t even need to know this person. Their name is being used solely because you have a mutual contact!
A virus’ modus operandi is to prosper. Viruses spread and infect as many machines as possible to gain as much personal information, and therefore influence, as they can. Most notably, this is through malware installed on a device through subterfuge, like a Trojan horse which purports to be something useful while hoovering up your data.
If you get a message from an irate stranger, explain that this is not your fault. Maybe forward them onto this page so they are aware of what can be done. You could then try to isolate which contact you have in common so you can alert them that their system has been compromised.
What to Do if You Get a Suspicious Email?
If there is a link in the email, do not click it for the sake of God. Similarly, do not download any attachments unless you know they are genuine. It does not matter if it comes from someone you think you can trust or not.
Read up on spotting a fake email, and do not ignore basic practices if the email is supposedly from someone you know. We tend to be immediately skeptical of out-of-the-blue mails from our own address, but not of unsolicited messages from friends.
Then again, the fact that you know the sender should give you an advantage. You know if they are likely to send a link on its own with no other text around it, whether their messages are long and rambling, or whether they always make spelling mistakes.
If nothing is immediately obvious, check through previous emails and note patterns. Do they have a signature that comes through on all their messages? Do they normally send emails via their phone, and so have “Sent from my iPhone”, for example, at the bottom?
If you are still not sure, simply ask the supposed sender.
What to Do If Someone Is Using Your Email Address?
We always advise you not to click on anything you think might be malicious. Certainly don’t click on anything if the email appears to be from your own address and you don’t recall sending it.
If the message claims to be from you, check your Sent folder. If it’s there, but you didn’t send it, your account has likely been compromised. Equally, if you look on Gmail, you can see “Last Account Activity”. It might give you an indication about whether someone else is logging into your account or not.
You must change your password straight away. To do this, check out our article about tips for creating a strong password.
How to Stop Email Spoofing
To prevent becoming a victim of email spoofing, the following practices should be put into place:
- Keep antimalware software up to date.
- Do not share private or financial information through email.
- Turn spam filters on to the strongest settings, or use tools like Gmail’s Priority Inbox.
- Avoid clicking suspicious links or downloading suspicious attachments.
- Never enter sensitive information into links that are not secure.
- Learn how to open and read email headers for signs of email spoofing.
- Conduct reverse IP lookups to verify the real sender.
It can be a frustrating situation to find yourself in. But fortunately, more people recognize email spoofing as a scam, immediately sending such items to the trash.
They do serve as a timely reminder that we always need to keep every aspect of our online lives secure. That means social media feeds, your browsers, and your email accounts. You should familiarize yourself with the common email security protocols. And speaking of spoofed addresses, find out if dark web scans are worth the cost.