IT Best Practices.
Spoofing: What It Is And How It’s Used In An Email Scam
Email spoofing is the use of a fake sender address in an email message. It is used by email scammers to hide the origin of their message. By modifying the “from”, “reply” and “return path” fields of the email header, they can make the email appear to be from someone else. This is easy to do because SMTP protocol, which is commonly used in email, does not have authentication.
The use of a counterfeit email address goes beyond merely hiding the identity of the sender. It is often used to perpetrate an email scam, where the sender assumes the identity of a trusted friend, colleague, well known bank, store, or payment handling business such as PayPal. The scam attempts to convince the email recipient to send money or reveal information such as a user name and password which provide access to funds of the victim. Sometimes spammers use spoofed addresses to make their emails appear legitimate in order to get past spam filters.
The scammers typically use automated methods for gathering email addresses. Programs are used to collect emails from blogs, websites, forums, or anyplace where an email address might be posted. Another email harvesting method, is the use of a virus to collect email addresses from the address books of infected computers and smart devices. These addresses may be the target of spoofed emails or may be used as the spoofed address. People whose email addresses have been harvested may find themselves on the receiving end of email scams or may have their addresses used in scamming others.
One way to identify whether your email address is being used by either scammers or spammers, is to investigate returned or bounced emails that were sent to undeliverable addresses. Assuming these were not sent by you, check the IP address of the origin of the bounced email. If it is the same as that of your server, then your email account has been compromised. If the IP address is different, then the email was sent from a different server which means that your email address is being spoofed.
To avoid becoming a victim of spoofing, never click on links within a suspect email. Instead, go to the website by typing the URL into your browser. This address should not be taken from the email. If you are asked to reply, never use the reply button. Instead, send a new email using an address you know to be correct. Whether you are asked to reply or click a link, always use a means of responding that is independent of the email sent to you.
For more information about email security or if you would like to discuss your security concerns, please contact us.