Written by William Song

Image Source: www.lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914

We’ve all, at one point or another, received an email from some random exotic billionaire who doesn’t know what to do with all his riches and so has decided to give them to you. While your bank balance might be happy at the prospect of such a turn of events, things are never that simple. You might be the victim of an email spoofing attack!

WHAT IS EMAIL SPOOFING?

Image Source: www.blogs.sun.ac.za/it/files/2016/01/phishing.gif

When you receive an email that appears to be from a trusted source but is actually from a suspicious one, that is most popularly called email spoofing. The person on the other end usually pretends to be someone you can trust in order to get important data from you, such as passwords, sensitive personal information, and bank details.

WHAT ARE SOME EXAMPLES OF EMAIL SPOOFING?


  • An email from a system administrator asking you to change your password by clicking a certain link. The email will tell you that if you do not click the link, your account will be suspended.
  • An email from a person of authority requesting you to send them passwords and sensitive information.
  • An email from your bank requesting you to transfer money into different bank accounts or asking you for your card details.

7 TIPS TO PROTECT YOURSELF FROM EMAIL SPOOFING

Image Source: www.hututoo.com/upload/wWOvdHq2agY8TnpSXLGl.png

1. Don’t trust the display name of an email.

A favourite spoofing tactic among cybercriminals is to change email display names to look legitimate. If you look at the example above, at first sight you may assume it’s an email from Microsoft. But if you look closely at the spelling of the address, @micorsoft.com, you’ll see that the email is not from Microsoft. Most browsers or email providers will now tell you if an email is suspicious. However, to be on the safe side, DO NOT open any links in the email or disclose any confidential information. DO NOT trust the phone numbers in the email. Always refer to the company’s official website and official phone numbers and email addresses.
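The check in tip 1 can be automated on the receiving side. The following is an added example, not part of the original article: it compares the brand named in the display name with the real address domain and flags near-miss spellings such as @micorsoft.com. The `KNOWN_BRANDS` allow-list and the function names are assumptions made for this sketch.

```python
from email.utils import parseaddr

# Assumed allow-list for this sketch: brand keyword -> domains it really sends from.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}, "google": {"google.com"}}

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance; swapping two neighbours counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Transposition, e.g. "or" typed as "ro"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_from(header: str) -> list[str]:
    """Return reasons to distrust a From header; an empty list means no flag."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if domain in domains or any(domain.endswith("." + d) for d in domains):
            continue  # the address really is on this brand's domain
        if brand in name.lower():
            findings.append(f"display name claims {brand} but address is @{domain}")
        if min(edit_distance(domain, d) for d in domains) <= 2:
            findings.append(f"@{domain} is a lookalike of a {brand} domain")
    return findings

if __name__ == "__main__":
    # Constructed sample headers
    for h in ("Microsoft Support <security@micorsoft.com>",
              "Microsoft <billing@microsoft.com>"):
        print(h, "->", check_from(h))
```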

2. Beware of harmful email addresses and links dressed as legitimate ones. 

Image Source:  www.dds.com/Help-Center/Email-Setup-Guides-and-Webmail-Features/Email-Spoofing

Some hackers cleverly change certain properties of the email address to make it look legitimate. For example, in the email above, the email address looks real. However, here are some reasons to be suspicious of it. 1) It contains a Word document attachment, and its subject line is full of exclamation marks. Google will never send a Word document to any non-business users. 2) Most companies will not reveal the security code in the subject of your email. Genuine emails have security codes in the actual email content. 3) Google will never send a winning confirmation email to any email users!

A key thing to keep in mind is whether you’ve ever received an official email like that before. If you think the email is suspicious, call the email sender or company to confirm whether it is legitimate.

Image Source: www.dds.com/Help-Center/Email-Setup-Guides-and-Webmail-Features/Email-Spoofing

Another example of this sort of email spoofing is pictured above. It appears to be from Craigslist. However, when you place your mouse over the link without actually clicking it, it will show you that it leads to a suspicious site where you will probably be asked for sensitive information. DO NOT click on the links. Delete such emails immediately.

3. Be wary of ‘urgency’ or ‘threats’ in the subject line.

This is another common technique in which cyber-criminals claim your ‘account has been suspended’ or that there has been an ‘unauthorised login attempt’. This causes us to panic and reveal information just to make sure we are safe. Instead of giving in to fear, call the appropriate authority where necessary. DO NOT click or download anything from that email. If you want to make doubly sure you haven’t been hacked, go to the official website where you have your account and change your password there.

Image Source: www.kingston.ac.uk/it-security/includes/img/static/LLOYDS.gif

4. Check for spelling mistakes. 

Big brands are always serious about good writing, grammar and punctuation. Often, their emails go through many layers of proofing before they are sent out. If there is poor grammar or a lot of spelling mistakes, be on guard. Read your emails carefully and report anything that is suspicious.

5. Review the signature.

Official emails always come with full names and designations, along with contact details. If details about the author of the email are missing, you should be cautious.

6. Do NOT click on attachments.

Attachments are the best way to steal your information. Downloading a file can lead to malware being installed on your computer. Malware can damage files on your computer, steal your passwords, and spy on you without your knowledge. DO NOT open any attachments you weren’t expecting.

7. Do NOT give up personal information.

Most companies will never ask for personal credentials via email. If an email asks you to fill in security PINs or reveal passwords, do not give them up. Call the company to confirm whether the email is legitimate.