A “spoofed” email is essentially a “pretend” email: the sender deliberately manipulates the email’s headers to make the message appear as though it was authored by someone else.
For example, you receive an email that looks like it came from your boss, your bank, or the government. The sender’s address looks correct, but the true origin is hidden deep in the email headers: the message is coming from someone else, and it is designed to fool you into opening it and believing its content.
Spoofed emails are commonly formatted to appear to come from a legitimate source, someone you trust. The apparent source could be any seemingly trustworthy one, and the message will mimic an email that you would typically receive.
What is the purpose of spoofing?
In most cases, the spoofed email is part of a scam attack, where cybercriminals are phishing for your private data. Sometimes spoofing is used to trick you into performing financial transactions, such as buying a fake product or sending money. The main goal of the spoofers is to have you perform an action that benefits them by giving them access to your data: your passwords, your private identity information and so on.
How to detect a spoofed message
Always remember that emails that appear to be sent from co-workers, family, or legitimate organizations can be fake. This is the case w
Scammers will alter different sections of an email to disguise who the actual sender of the message is. To identify the following examples you will need to open the email headers of a message you suspect has been spoofed. Examples of properties that are spoofed:
- FROM: [email protected] (This will appear to come from a legitimate source on any spoofed message)
- REPLY-TO: it could look like the “From” address, but most likely would be blank or completely different from it.
- RETURN-PATH: same as above, it could look like the “From” address, but most likely would be blank or different.
There are also other email header properties that can be spoofed, but the “from”, “reply-to”, and “return-path” can be easily manipulated using settings in the email client (software), such as Outlook or Gmail.
In this screenshot, it looks like the person has received a message from their secretary or office assistant, requesting to send money.
Any time anyone requests money from you without any further explanation, you should immediately assume the email is a scam and contact the supposed sender in person, via phone, or through any type of communication OTHER than replying to that email. You must confirm the origin of the message.
The next step is to look at the message headers through the message “properties” option, so you can compare the “From” field to the “Reply-to” field.
If they do not match, it would be a clear-cut case of a spoofed message. You must immediately report the email as junk and blacklist any address you find that does not match the “From” field. If you are savvy enough to block their IP by looking up the “Source IP” field, do it, or forward the email to your IT Support personnel or your Managed Services company so they can take action to protect you.
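The header comparison described above, as an added example that is not part of the original article: a Python script that parses a raw message, compares the From address with Reply-To and Return-Path, and lists the relay IPs recorded in the Received headers. The sample message, its addresses and its IP are constructed placeholders, and reading the “Source IP” from the Received headers is an assumption about where that value comes from.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every address, host and IP here is a made-up placeholder.
SAMPLE = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Received: from mailer.invalid (unknown [203.0.113.45])\n"
    "\tby mx.example.com with SMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    'From: "Office Assistant" <assistant@example.com>\n'
    "Reply-To: assistant.example@freemail.invalid\n"
    "To: boss@example.com\n"
    "Subject: Urgent request\n"
    "\n"
    "Please send the money today.\n"
)

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def addr(msg, header):
    """Return the lower-cased address in a header, or '' if absent or blank."""
    return parseaddr(msg.get(header, ""))[1].lower()


def check_headers(raw):
    """Compare From with Reply-To and Return-Path, and list relay IPs."""
    msg = message_from_string(raw)
    sender = addr(msg, "From")
    mismatches, blank = [], []
    for header in ("Reply-To", "Return-Path"):
        value = addr(msg, header)
        if not value:
            blank.append(header)  # header missing or empty
        elif value != sender:
            mismatches.append(f"{header}: {value}")
    # Received headers are listed newest first; the top one is stamped by the
    # receiving server, lower ones were written upstream and can be forged.
    ips = [ip for r in msg.get_all("Received", []) for ip in IPV4.findall(r)]
    return {"from": sender, "mismatches": mismatches,
            "blank": blank, "source_ips": ips}


if __name__ == "__main__":
    report = check_headers(SAMPLE)
    for item in report["mismatches"]:
        print("Does not match From", report["from"], "->", item)
    print("Blank headers:", ", ".join(report["blank"]) or "none")
    print("Source IP candidates:", ", ".join(report["source_ips"]) or "none")
```

Save the suspect message as raw text (most clients offer “view source” or “show original”) and pass its contents to `check_headers` in place of `SAMPLE`.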
How to Minimize Spoofing
Learn more about spoofing, and help your employees and colleagues to understand its dangers. End-user education is the necessary defense strategy against these types of malicious actions. If you receive a spoofed message:
- Blacklist any address listed in the REPLY-TO or RETURN-PATH that you have determined to be fraudulent.
- Blacklist the IP discovered as a SOURCE IP (or ask your IT services to do it for you)
- Immediately change the email account password if you have given out any information as a result of dealing with the fraudulent email.
- Alert the rest of your colleagues and employees to the situation.
Spoofing is impossible to avoid – just like you cannot avoid junk mail. It is frustrating, of course – and you have to be on guard and vigilant about receiving any email, even if it looks legitimate.