What is Email Spoofing?
Email spoofing is a form of impersonation in which an email is sent with a forged sender address. It is done to trick the recipient into believing that the message came from someone they know or trust rather than from its real source, and scammers use it to obtain sensitive information because a person is far more likely to respond to a request that appears to come from a familiar sender. Spoofing does not compromise the sender's account: it only makes a message appear to have been sent by that address. If a spoofed email goes out carrying your address, the scammer has not gained access to your mailbox, your emails or your sensitive information; they have simply written your address into a message they sent from elsewhere.
How does spoofing work?
Email spoofing works because SMTP, the protocol used to deliver mail, does not by itself verify who the sender is. A scammer using their own Simple Mail Transfer Protocol (SMTP) server, or an email platform that lets them set these values, can put whatever they like in the sender fields of a message. In particular they control:
- MAIL FROM: the envelope sender given during the SMTP exchange. The receiving server records it in the Return-Path header and uses it for SPF checks and bounces.
- From: the sender address that the recipient's mail client displays.
- Reply-To: the address that a reply is addressed to, which can differ from the displayed sender.
Because these fields can be forged so easily, spoofed emails are hard to identify for people who do not know how they work. It is therefore critical to understand how to recognise them.
How to spot spoofed emails?
View the Email Header:
Email headers contain information about the message: who sent it, which servers relayed it, the software used to send it, and whether the message passed the receiving server's authentication checks (SPF, DKIM and DMARC). Viewing a message's headers is one of the best ways to identify a spoofed email, because they show the envelope sender actually used to deliver the message and the servers it passed through, not just the address the mail client displays.
- Gmail – Open the email, then click the three dots (More) on the right. From the menu that appears, choose ‘Show original’.
- Outlook – Double-click the email to open it in its own window, then click File > Properties. At the bottom of the dialog there is a box labelled ‘Internet headers’.
Check where the Return-path goes:
The Return-Path is the envelope sender address (the SMTP MAIL FROM) recorded by the receiving mail server; it is where bounces are sent, and it shows which domain actually took responsibility for delivering the message. Replies do not go to the Return-Path: they go to the Reply-To: address if one is present, otherwise to the From: address. A scammer can put any address in MAIL FROM, so the Return-Path is not unforgeable. What makes it useful is that it is the address SPF checks: a scammer who wants SPF to pass must use a domain they control, which then differs from the forged From: address. Compare the Return-Path with the From: address; when the domains do not match, or when the Authentication-Results header shows spf=fail, dkim=fail or dmarc=fail for the From: domain, treat the message with suspicion. Many legitimate newsletters and notification services also use a separate bounce domain, so a mismatch is a signal to investigate rather than proof of spoofing on its own.
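The header comparison described above can be automated. The following is an added example, not code from the original article: it uses Python's standard `email` module to pull the From:, Reply-To:, Return-Path and Authentication-Results headers out of a raw message and flags the mismatches a reader would look for. The two messages are constructed for the example, and the domains bank.example, mail-relay.example.net and attacker.example are invented.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). The domains bank.example,
# mail-relay.example.net and attacker.example are invented for this example.
# Message 1: the From: header claims to be the bank, but the envelope sender
# recorded in Return-Path, the Reply-To: and the Authentication-Results all
# point elsewhere.
SPOOFED_RAW = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [192.0.2.10])
        by mx.example.com with ESMTP id abc123
Authentication-Results: mx.example.com;
        spf=pass smtp.mailfrom=mail-relay.example.net;
        dkim=none;
        dmarc=fail header.from=bank.example
From: "Example Bank Security" <alerts@bank.example>
Reply-To: support-desk@attacker.example
To: victim@example.com
Subject: Your account has been suspended

Please confirm your password at the link below.
"""

# Message 2: a legitimate message whose identities all line up.
LEGIT_RAW = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.example.com;
        spf=pass smtp.mailfrom=bank.example;
        dkim=pass header.d=bank.example;
        dmarc=pass header.from=bank.example
From: "Example Bank" <alerts@bank.example>
To: victim@example.com
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""


def domain_of(header_value: str) -> str:
    """Lower-case domain part of the address in a From/Reply-To/Return-Path value."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def parse_auth_results(value: str) -> dict:
    """Extract method=result pairs (spf, dkim, dmarc) from Authentication-Results.
    The first clause is the receiving server's identifier and is skipped."""
    results = {}
    for clause in value.split(";")[1:]:
        clause = clause.strip()
        if "=" in clause:
            method, _, rest = clause.partition("=")
            results[method.strip().lower()] = rest.split()[0].lower()
    return results


def inspect_headers(raw: str) -> dict:
    """Summarise the sender identities in a raw message and flag the mismatches
    a reader should look for: From: vs Return-Path, From: vs Reply-To:, and the
    receiving server's DKIM/DMARC verdicts. A missing Authentication-Results
    header is treated as 'did not pass'."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    return_path_dom = domain_of(msg.get("Return-Path", ""))
    reply_to_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    flags = []
    if return_path_dom != from_dom:
        flags.append(f"Return-Path domain {return_path_dom!r} differs from From: domain {from_dom!r}")
    if reply_to_dom != from_dom:
        flags.append(f"Reply-To domain {reply_to_dom!r} differs from From: domain {from_dom!r}")
    if auth.get("dkim") != "pass":
        flags.append(f"DKIM did not pass (result: {auth.get('dkim', 'missing')})")
    if auth.get("dmarc") != "pass":
        flags.append(f"DMARC did not pass (result: {auth.get('dmarc', 'missing')})")

    return {
        "from_domain": from_dom,
        "return_path_domain": return_path_dom,
        "reply_to_domain": reply_to_dom,
        "auth": auth,
        "flags": flags,
        "suspicious": bool(flags),
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legitimate", LEGIT_RAW)):
        report = inspect_headers(raw)
        print(f"{label}: suspicious={report['suspicious']}")
        for flag in report["flags"]:
            print("  -", flag)
```

Paste the text from Gmail's ‘Show original’ or Outlook's ‘Internet headers’ box in place of the sample to run it on a real message. The script trusts the Authentication-Results header as written, which is only safe when your own mail server added it and strips any copy a sender may have inserted; that is how production mail servers handle the header as well.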
Review the subject line:
Most spoofed emails have urgent or alarming subject lines that threaten the recipient with serious consequences to pressure them into acting quickly and handing over sensitive information. Subject lines such as ‘Your account has been suspended’ or ‘Someone just used your password. Act now’ are common warning signs; a legitimate sender can also write an urgent subject, so weigh this alongside the other checks.
Hover over links:
Do not click on any link in an email unless you are certain where it leads. Curiosity often gets the better of us, however, and the text of a link can say one thing while its destination is another. Hovering over a link (without clicking) shows the URL it actually points to, so you can check whether the domain matches the sender it claims to be and whether it leads to a suspicious site.
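The "hover over the link" check boils down to comparing the host a link displays with the host it really points to. The following is an added example, not part of the original article: it parses the HTML body of a message with Python's standard `html.parser`, collects every link, and flags those whose visible text is a web address on a different host from the `href`. The HTML body is constructed for the example and the hosts bank.example and secure-login.attacker.example are invented.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML message body (not from a real email). The hosts bank.example
# and secure-login.attacker.example are invented for the example. The first
# link's visible text shows the bank's URL while its href goes somewhere else.
SAMPLE_HTML = """
<p>Dear customer, please click
<a href="https://secure-login.attacker.example/reset">https://www.bank.example/reset</a>
to restore access, or visit our <a href="https://www.bank.example/help">help centre</a>.</p>
"""

# Visible link text that a reader would read as a web address.
URL_LIKE = re.compile(r"^(?:https?://|www\.)\S+$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Host name of a URL, with a leading 'www.' dropped so that
    www.bank.example and bank.example compare equal."""
    url = url.strip()
    if "://" not in url:          # bare 'www.bank.example/...' in link text
        url = "https://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_links(html: str) -> list:
    """Return one record per link: where it really goes, and whether the
    visible text names a different host than the href (the classic
    hover-over mismatch). Links whose text is not a web address get
    mismatch=False because there is nothing to compare."""
    parser = LinkCollector()
    parser.feed(html)
    records = []
    for href, text in parser.links:
        href_host = host_of(href)
        text_host = host_of(text) if URL_LIKE.match(text) else None
        records.append({
            "text": text,
            "href": href,
            "href_host": href_host,
            "mismatch": text_host is not None and text_host != href_host,
        })
    return records


if __name__ == "__main__":
    for rec in check_links(SAMPLE_HTML):
        status = "MISMATCH" if rec["mismatch"] else "ok"
        print(f"{status}: '{rec['text']}' -> {rec['href']}")
```

A link whose text is a plain phrase such as ‘help centre’ cannot be judged this way; for those, the `href_host` field tells you where the link actually goes, which is exactly what hovering shows you in the mail client.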
Spelling and grammar:
Spoofed emails often contain spelling and grammar mistakes. One reason is that spam filters look for ‘trigger’ words; when those words are misspelt, the message can slip past the filter and land in your regular inbox. Unfamiliar greetings, or vocabulary and tone that do not match how the supposed sender normally writes, are further signs that a message may be spoofed.
Look out for contact information:
Professional company emails usually end with a signature giving the sender's name, job role, phone number and email address. A business email signature can help you check who the sender claims to be and confirm, via a contact channel you already know, that they really work for the company the email is sent from. Bear in mind that a signature is easy to copy from a genuine message, so it is supporting evidence rather than proof.
Prevent Email Spoofing:
Stopping spoofed emails before they reach your inbox is the best way to avoid exposing sensitive information. Here are a few ways to prevent spoofed emails:
- Invest in an email security gateway – A strong email security gateway can stop spoofed emails before they reach your inbox. Symantec Email Security.cloud contains features that filter spam and protect recipients from spoofing attacks.
- Encrypt your emails – Email encryption protects the contents of your messages from anyone outside the conversation who is trying to obtain a participant's information. Encrypting an email in Outlook is as simple as going to File > Encrypt this item before sending it. Note that encryption protects confidentiality only; it does not stop a spoofed message from reaching you. Digitally signing your outgoing mail (for example with S/MIME) is what lets recipients verify that a message really came from you.
- Use email authentication protocols – Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) are the key protocols for preventing email spoofing. SPF lets a domain owner publish, in a DNS TXT record, which mail servers may send on the domain's behalf; the receiving server checks the connecting IP address against that list for the envelope sender (MAIL FROM) domain. DKIM lets the sending server add a digital signature over the message headers and body; the receiver fetches the domain's public key from DNS and verifies the signature, which proves the message was authorised by that domain and not altered in transit. DMARC ties both together: it requires the domain that passed SPF or DKIM to match the domain in the From: header the recipient sees, tells receivers what to do with messages that fail (none, quarantine or reject), and asks them to send aggregate reports back to the domain owner. Only with DMARC is the visible From: address actually protected, because SPF alone checks the envelope sender and DKIM alone checks whatever domain signed the message.
- Train your staff – Making staff aware of how to protect themselves online stops employees from handing over sensitive business information and keeps your business safe. Regular training on how to spot spoofed emails, using the checks described above, is the most effective way to do this.
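To make concrete how DMARC combines the SPF and DKIM results, here is an added example that is not part of the original article. It shows the kind of DNS records a domain owner publishes and implements the DMARC alignment and policy decision for three situations: a spoofer sending From: the bank's domain through their own server, the bank's own server, and a third-party mailer that signs with the bank's DKIM key. The domains bank.example and mailer.example are invented, the DKIM public key is a placeholder, and the organisational-domain lookup is a deliberate simplification (real evaluators use the Public Suffix List); the `sp=` and `pct=` tags are ignored.

```python
# Constructed DNS TXT records of the kind a domain owner publishes. bank.example
# and mailer.example are invented domains; the DKIM public key is a placeholder.
EXAMPLE_RECORDS = {
    # SPF: which hosts may send mail with bank.example in the envelope sender.
    "bank.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    # DKIM: public key for selector 'sel1'; the p= value is a placeholder here.
    "sel1._domainkey.bank.example": "v=DKIM1; k=rsa; p=<base64 public key>",
    # DMARC: reject unaligned mail, strict DKIM alignment, relaxed SPF alignment.
    "_dmarc.bank.example": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@bank.example",
}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organisational domain as the last two labels.
    Real DMARC evaluators use the Public Suffix List; this shortcut is
    wrong for names like example.co.uk and is used here only to keep the
    example self-contained."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') requires an exact match with the
    From: domain; relaxed ('r') accepts any subdomain of the same organisation."""
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def dmarc_verdict(from_domain: str, spf_result: str, spf_domain: str,
                  dkim_result: str, dkim_domain: str, dmarc_record: str) -> dict:
    """Combine SPF and DKIM results the way DMARC does.

    spf_domain is the envelope sender (MAIL FROM) domain that SPF checked;
    dkim_domain is the d= domain of the signature that DKIM verified.
    DMARC passes if either check passed AND its domain aligns with From:.
    Otherwise the domain owner's p= policy decides what the receiver does
    (sp= and pct= are ignored in this simplified example)."""
    tags = parse_dmarc(dmarc_record)
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_aligned or dkim_aligned
    policy = tags.get("p", "none")
    action = "deliver" if passed else {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")
    return {"spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc": "pass" if passed else "fail", "action": action}


if __name__ == "__main__":
    record = EXAMPLE_RECORDS["_dmarc.bank.example"]
    # Spoofer: From: bank.example, but sent from their own domain. SPF passes for
    # THEIR envelope domain, which does not align, and there is no DKIM signature.
    print(dmarc_verdict("bank.example", "pass", "mail-relay.example.net", "none", "", record))
    # Legitimate mail straight from the bank: both checks pass and align.
    print(dmarc_verdict("bank.example", "pass", "bank.example", "pass", "bank.example", record))
    # Third-party mailer: envelope is mailer.example (SPF not aligned), but the
    # message carries a DKIM signature for bank.example, so DMARC still passes.
    print(dmarc_verdict("bank.example", "pass", "mailer.example", "pass", "bank.example", record))
```

The first case is why SPF on its own does not stop spoofing: the spoofer's SPF check passes for the envelope domain they control, and only DMARC's alignment requirement turns that into a rejection. The third case is why DKIM matters for organisations that use external mailing services: the envelope sender can belong to the mailer while the signature still proves the bank's domain authorised the message. The choice between `adkim=s` and `adkim=r` decides whether a signature from a subdomain such as news.bank.example counts.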