Hopefully by now, most people know better than to fall for the Nigerian Prince Bank Transfer email scam. Unfortunately though, order to keep collecting peoples credit card number and bank accounts, scammers are always trying new tactics.
Enter Email Spoofing.
No one is susceptible to this. Not even PGN.
One of our accounts were both hacked and spoofed in the last month and, although resolved now, something we decided to stand against and attempt to educate our clients and community about the things to look out for to stay safe on the web.
It is easy for most people to identify spam emails when they see it in their inbox. But, seeing a spoofed email in our inbox from a friend or even ourselves can be confusing. Email spoofing is not a new concept. It is likely you have come across an email that looks like it came from a friend, when in fact it came from spammers.
Spammers can spoof an email by creating an email message with a forged sender address. Because emails today do not require any form of authentication, it is not surprising to see phishing and spam emails using spoofing to deceive the recipient about the message’s origin. By spoofing legit email addresses, spammers boost the chances that a recipient will open a spam email and click on a malicious link.
To avoid being a victim, we will show you how to identify email spoofs and how to protect yourself from getting spoofed. But first, let’s look at the definition of the term email spoofing.
What is email spoofing?
Email spoofing is when a sender intentionally alters parts of an email message to make it appear as if it came from someone else. Typically, a spoofer may change the sender’s email address and name, including the body of the message to make it look like it came from a legit source.
In most cases, a spoofed email appears as if it came from a family member, coworker, bank or any other trustworthy source. It is very easy to get the tools that are used to spoof email addresses.
All you need is a mailing software and SMTP server. When someone sends an SMTP email, two address information will be available provided:
- Mail From – the recipient receives this information as the Return-path, with a header but cannot be seen by the end user.
- RCPT To – this specifies the email address the message is sent to. This is usually not visible to the recipient but may be shown on the headers.
With these terms, email spoofing can be defined as when spammers modify email identifying fields such as Reply-To, From, and Return-Path addresses to appear as if it came from a sender. In case a spammer spoofs your email address and sends out spam emails which end up being rejected by recipient server, the message may bounce back in your inbox.
In most cases, spoofed emails are part of a phishing attack. When you open a spam email and click on a link, the spammer may steal your personal information, including your passwords. In some cases, spoofers may use email spoofing as a marketing strategy to sell a bogus product.
How Do the Spammers Get Hold of Email Addresses?
In this technical world, it is not difficult. They can simply find your email address from the list used by other spammers. They can get it from many other sources as well. The virus of your computer can also be the culprit.
A virus or Trojan might be operating on your computer without your knowledge. They can easily access your email address or any other important and secure data. Therefore, it is important to protect your computer from the virus.
You can also minimize the possibility by keeping your email address private. You should avoid giving your email address on message boards and other websites from where spammers can easily get your email address and can include it into their spam list. You can also consider setting up an SPE record. It will protect your email address from the hackers and spammers.
What to look out for
To avoid buying a bogus product or losing your passwords, it is important you know how to identify a spoofed email. Like mentioned above, scammers usually change different email sections to hide the actual sender of the email message. If you suspect an email message you received was spoofed, you can open the email header and view the following properties:
- From – [email protected]. This looks like it came from a legit source on a spoofed email message
- Reply To – This is an easy target for scammers to spoof. However, some scammers may forget and leave the actual Reply To. If you look at Reply To and see a different email address, it means that your email was spoofed.
- Return-Path – This is another target for spoofing but scammers may forget and leave the actual Return-Path. If you notice a different email address on the Return-Path, it means that the email address was spoofed.
How to protect yourself from getting spoofed
If your email address has already been used by spammers, then you might find it hard to get an immediate solution. Some things you can look out for and do are:
- Turn up spam filters
You never know if a spam message may fail an SPF check and end up in your inbox. To avoid this, turn up your spam filters so that it is a little bit stronger to detect spam messages. Mail providers such as Gmail have services like Priority Inbox which help identify important people for you. - Check email headers and trace IP addresses
In case you receive a suspicious message, check the email headers and see if it is similar to previous emails from the same sender. You can also check the IP address to see if the email is from the same country as the sender or another. This can tell you if the email is spoofed or not. - Don’t download fishy attachments or click suspicious links
It may seem obvious to most, but if one person in an organization clicks a link that says it is from the boss, it could end up exposing the whole organization to scammers. To stay safe, don’t download any attachments or click any links if you are not sure about its source.