Everything You Need to Know About Email Spoofing

In our last blog post, we went through the basics of email phishing. Phishing happens when a cybercriminal uses email to trick their victims into giving up personal information, like banking credentials, SSN numbers, and more. Most phishing attempts use a method called “email spoofing,” in which an email is designed to look like it came from a trustworthy source, like the victim’s bank. These emails are designed to look real but they go deeper than that; the sender’s signature looks legitimate and the links inside the emails take victims to web pages that look completely real too. However, it’s all clever deception. So how do you avoid falling for the trap if it looks legitimate in every way? Here’s everything you need to know about email spoofing and protecting yourself against it:

• What is spoofing?
• Why do people do it?
• How is email spoofing done?
• How do I protect myself against it?

What is Spoofing?

Spoofing happens when cybercriminals forge the header/originating address of emails. This makes it look like that message originated from a different source. The emails may look like they’ve come from a legitimate business such as a popular online store, or a banking institution. They may also look like they come from people you know personally like friends or coworkers. By allegedly originating from a trustworthy source, these messages have a higher likelihood of being opened than other spam emails.

Why do People do it?

There are a few reasons criminals use email spoofing, but they normally boil down to two purposes: phishing, and spam. Phishing is when someone online is trying to obtain sensitive information from you. Phishing emails are most likely to ask you to input some sort of data within the email itself. For example, a phishing message that appears to be from your bank may request that you sign in to your account to address a problem, right from the email itself (or through a link provided in the email). If you do, the person on the other side of the message might see your username and password. They can then access your account in future.

Another possible phishing message can appear to be from your boss or a coworker asking for system access credentials. If you respond with the information, then the security of your company (and your job, for that matter) becomes compromised.

The other main reason for email spoofing is spam. Because these messages look more trustworthy when compared to other types of spam, they’re more likely to be clicked. If you’re lucky, the inside of the email will just be apparent spam that you will recognize and delete. However, many of these emails contain links that, if clicked, can download malware onto your device.

Spoofing may also be used for committing identity theft or tarnishing the reputation of an email user. However, these reasons are less common.

How is Email Spoofing Done?

While we all like to think that criminal geniuses run spoof attacks, the truth of the matter is that it’s actually very easy to do. All a person needs is a Simple Mail Transfer Protocol server and an email service such as Gmail or Outlook. With these two pieces of tech, the user can edit different fields within the email such as the header and originating address. Although many email systems have developed tools for detecting and filtering spoofed messages, these methods still need improvement and have been adopted very slowly.

How do I Protect Myself Against Spoofing?

Because some spoofed messages are extremely sophisticated, many people have difficulty picking them out from real ones. You might get some protection by using a secure VPN service, which encrypts your data and prevents your email address from falling into the wrong hands in the first place. However, there are some best practices you can implement with every email you open to stay protected in every eventuality.

Keep Your Anti-Malware Software Up-to-Date

If you accidentally click a malicious link in a spoofed email, your anti-malware software should be able to detect it and block it (or warn you about the link even before you click it).

Don’t Share Sensitive Info

Even if you trust an email 100 percent, you should never share sensitive information through emailed messages. Once you’ve sent the message, its security and privacy is out of your hands and anything can happen to it. Whether you suspect spoofing or not, implement a policy of never sending personal data, like financial information, through email.

Use Strong Spam Filters

Many email services allow you to set the strength of your spam filters. Use the strongest possible settings to protect yourself from spoofed emails.

If You’re Not Sure, Don’t Click

If you don’t have full confidence in an email link or download, just don’t click it until you’re positive it’s safe. For an email from your bank, call the bank and ask about the validity of the message (but don’t use any phone number found within the email itself in case it’s fraudulent). If a coworker has sent you an email, you can also check with them that they were the one to send it before you open any links or start any downloads.

Check That Links Are Secure

If you do trust a link enough to open it, check its level of security once it is open. If the URL starts with HTTP instead of HTTPS, it isn’t secure and you should never input any personal information into that website.

Look at the Email Address, Not Just the Display Name

Most email servers allow you to choose or change which name you want to appear alongside your message. However, you should always compare the display name to the actual address. If the display has the name of your great aunt but the address says “[email protected]” then you’re probably being spoofed.

Examine the Email’s Content

While some spoofed messages can appear indistinguishable from a legit one, there are a few signs to watch out for that can tell you if a message is real or not. If the subject line is designed to frighten you or spur you into an action (for example: your account has been suspended), it could be a spoof. Another sign of a fake message is spelling mistakes. One mistake might not be cause for alarm but several is more likely to indicate danger. A third trick to try is to hover over links in the email. If you hover over the link, there should be a little pop-up to tell you the URL the link will take you to. If it’s suspicious, you’ll know not to click it. Finally, if the email is too vague or too jargon-y, stay on your guard and verify its authenticity if possible before taking any action with it.

Get Technical

While visual signs of spoofing are great to look out for, sometimes those signs just aren’t there. If that’s the case, you can take a technical look at the email. First, examine its header. The email address in the header should match the address you expect it to be from. In the header, you can also take a look at the “received” field. The email address there should match the name of the sender. Finally, take a look at the return path, which should also match the expected address of the sender. You can also conduct a reverse IP address lookup, to see where the sender of the email originates from. If the email should come from Detroit, Michigan but the IP address is somewhere in Nigeria, it’s probably a spoof.

Email spoofing is a real threat to online privacy and security but it doesn’t have to be. By understanding how it works and how to avoid it, you can stay protected.