Simply put, email spoofing is an act of forgery, whereby a dishonest source sends an email that appears to have come from a legitimate sender. Spoofing is very popular with phishing
and spam thieves, since recipients are much more likely to open emails that have seemingly innocuous addresses attached to them.
The goal of every sinister spoofer is to have their emails opened and even better, convince the receiver to click on an attachment or link contained within it. The FBI recently reported that email spoofing costs American businesses nearly a billion dollars per year in financial losses.
How Does It Work?
Believe it or not, email spoofing is a relatively simple thing to accomplish, which makes it that much more dangerous for companies of all industries and sizes. Utilizing a SMTP (simple mail transfer protocol) and a mailing software product, such as Outlook or Gmail, a scammer can replicate fields normally found within an email message header. These address fields, including FROM, REPLY-TO and RETURN PATH can be falsified to make it seem that the sender is someone entirely different from the actual source of the email. Thieves are often able to commit these forgeries because SMTP technology doesn’t have a mechanism to address the issue of authentication.
How To Tell If You Have Been Attacked
It takes a little bit of work, but it is possible to figure out if you have been a victim of an email spoofing campaign. Here are some good ways to smoke out the bad guys.
Look At The Email Address
By viewing the actual email address of the sender, instead of just their display name, you can see if the email is coming from a legitimate source. By hovering your mouse over the sender’s name, the actual email address can be seen. If something looks strange or seems fishy, do not open the email.
Matching The Header & Email Address
An email’s header information should match the address from which it originated. Each email provider places their header information in different places, so take the time to learn where it is located for your particular service provider. If the header and email address do not match, consider that a red flag.
The Received Field & Return Path
Anytime a person sends an email or a reply to one, a unique received field is added to the communication’s header. The received field should display an address that matches up with the sender’s name. A warning sign of a having a spoofed email would be if the address does not mirror the received field information. In addition, the header also contains a section called the return path, which is the destination address of any email replies going back to the original sender. The return path needs to match the sender’s name from the initial email.
Why Signature Spoofing Occurs
Here are some of the most common reasons that email based, signature spoofing occurs.
Desire To Hide One’s Identity - A spoofer’s goal is to do harm, so it is only natural that they will go to any lengths to trick their victims and keep their true identities hidden behind the shadows.
Prevent Being Stopped By Spam Protections – Spamming technology will backlist senders quickly if unusual activity is detected. Instead of risking being caught as spam, most spoofers find it much more effective to use fraudulent email addresses.
Taking Advantage Of Trusted Relationships – Spoofers can accomplish their goals of obtaining financial information or other sensitive data if they portray themselves as a business or an individual that the email recipient knows and already trusts.
How To Prevent Signature Spoofing Attacks
Email spoofing occurs when a Simple Mail Transfer Protocol (SMTP) does not have a way to authenticate the identity of an email sender. Although spam technology has come a long way in recent years, the authentication process of determining an email’s true origin can remain an issue. The good news is there are frameworks available that can be a real help in the verification process of incoming email messages.
DKIM (Domain Key Identified Mail) – DKIM uses multiple cryptographic keys that can both sign messages being sent, as well as authenticate ones coming into an email server.
SPF (Sender Policy Framework) – SPF verifies whether an IP address is allowed to transmit email messages from a specific domain.
DMARC (Domain Based Message Authentication, Reporting and Conformance) – DMARC is not in wide spread use just yet, but it provides the email sender with the ability to alert the recipient if an email is protected by DKIM or SPF.
What Can I Do To Protect Myself
There is no way to actually stop email spoofing, as scammers and thieves will continue to do it for as long as they can. The good news however is that there are some great ways to help protect yourself against the damage that can be done by the cyber burglars out there.
Turn Up Spam Filter Settings
Making your spam filters more sensitive to potential email irregularities is a good way to stop the spoofers right in their tracks. An incoming email that fails a SPF check (sender policy framework) will be sent to die in your spam folder.
Be A Better Detective
By learning more about the technical aspects of how email systems work, you can help avoid getting tricked by the spoofing bandits. Get more familiar with reading headers, IP addresses, as well received and return fields. Knowing how to interpret these identifiers will go a long way in detecting a problem right away.
One of the best ways to avoid the damage that can be done by spoofed emails is to never click on an attachment or link from a source that you can’t 100% trust or verify. Even if the email looks like it is coming from a known source, do your homework first before diving in to it. This simple series of steps will save a lot of headaches down the road.
The experts at Gold Comet have worked with businesses of all sizes to help them guard against the threat of email spoofing. While the first line of defense against spoofing is to continually educate your employees about its dangers, our team can also help you implement innovative technology that will greatly minimize your risks.
Contact us today to learn more about how our dynamic, patented and highly encrypted messaging system can protect your company from the spoofers trying to do you harm.
Contact Us Now!