What Is Email Spoofing?
Simply put, email spoofing is an act of forgery, whereby a dishonest source sends an email that appears to have come from a legitimate sender. Spoofing is very popular with phishing
and spam thieves, since recipients are much more likely to open emails that have seemingly innocuous addresses attached to them.
The goal of every sinister spoofer is to have their emails opened and even better, convince the receiver to click on an attachment or link contained within it. The FBI recently reported that email spoofing costs American businesses nearly a billion dollars per year in financial losses.
How Does It Work?
Believe it or not, email spoofing is a relatively simple thing to accomplish, which makes it that much more dangerous for companies of all industries and sizes. Utilizing a SMTP (simple mail transfer protocol) and a mailing software product, such as Outlook or Gmail, a scammer can replicate fields normally found within an email message header. These address fields, including FROM, REPLY-TO and RETURN PATH can be falsified to make it seem that the sender is someone entirely different from the actual source of the email. Thieves are often able to commit these forgeries because SMTP technology doesn’t have a mechanism to address the issue of authentication.
How To Tell If You Have Been Attacked
It takes a little bit of work, but it is possible to figure out if you have been a victim of an email spoofing campaign. Here are some good ways to smoke out the bad guys.
Look At The Email Address
By viewing the actual email address of the sender, instead of just their display name, you can see if the email is coming from a legitimate source. By hovering your mouse over the sender’s name, the actual email address can be seen. If something looks strange or seems fishy, do not open the email.
Matching The Header & Email Address
An email’s header information should match the address from which it originated. Each email provider places their header information in different places, so take the time to learn where it is located for your particular service provider. If the header and email address do not match, consider that a red flag.
The Received Field & Return Path
Anytime a person sends an email or a reply to one, a unique received field is added to the communication’s header. The received field should display an address that matches up with the sender’s name. A warning sign of a having a spoofed email would be if the address does not mirror the received field information. In addition, the header also contains a section called the return path, which is the destination address of any email replies going back to the original sender. The return path needs to match the sender’s name from the initial email.
How To Stop Email Spoofing & Protect Yourself
There is no way to actually stop email spoofing, as scammers and thieves will continue to do it for as long as they can. The good news however is that there are some great ways to help protect yourself against the damage that can be done by the cyber burglars out there.
Turn Up Spam Filter Settings
Making your spam filters more sensitive to potential email irregularities is a good way to stop the spoofers right in their tracks. An incoming email that fails a SPF check (sender policy framework) will be sent to die in your spam folder.
Be A Better Detective
By learning more about the technical aspects of how email systems work, you can help avoid getting tricked by the spoofing bandits. Get more familiar with reading headers, IP addresses, as well received and return fields. Knowing how to interpret these identifiers will go a long way in detecting a problem right away.
One of the best ways to avoid the damage that can be done by spoofed emails is to never click on an attachment or link from a source that you can’t 100% trust or verify. Even if the email looks like it is coming from a known source, do your homework first before diving in to it. This simple series of steps will save a lot of headaches down the road.
The trusted professionals at Gold Comet have many years of experience and knowledge in the area of email spoofing and how to protect against it. Contact us today
to learn more about how our dynamic, patented and highly encrypted messaging system
can protect your company from the spoofers trying to do you harm.
Contact Us Now!