
What is Email Spoofing?

Phishing and spam emails are a nuisance to anyone who receives them. There has been a steady increase in the number of phishing emails that mimic well-known, trustworthy organizations in order to gain personal information from the recipient. This type of phishing is known as email spoofing.

 

How does email spoofing work?

Email spoofing is a phishing technique where the sender of an email has been changed to appear as someone or somewhere else. This is done by forging the header of an email and changing the address in the “from” field. To do this, all a spammer needs is access to a mail server with an open SMTP (Simple Mail Transfer Protocol) port and software that allows them to get past spam filters.

Most mail clients have policies in place to block these emails, such as SPF, DKIM or DMARC, but these can sometimes be unreliable and some spoofed emails still get through.

 

What is the purpose of email spoofing?

Most commonly, email spoofing is used as a way to gain sensitive information from the recipient by using “scare tactics” such as stating their account details need to be verified, or that the account has been compromised.

Another reason that spammers use email spoofing is to con organizations out of money. This is also known as spear phishing, where a spammer will spoof the email address of someone in authority within the organization they are targeting. The spammer will request that a large sum of money be transferred to a bank account, something which many people have fallen for.

The other most common reason a spammer uses email spoofing is to install malware onto a recipient’s device. They will do this by including either a link or an attached file in an email, which will infect the device when opened. Many people fall for this as a spoofed email is much more likely to be opened if it looks legitimate. The body of the message will usually look very similar to standard emails sent by these organizations, making them sometimes hard to identify.

 

How to protect yourself from email spoofing

Most email clients have rules in place that stop spam from getting through. However, it is important to know how to spot scam and phishing emails if they ever end up in your inbox.

As with any type of spam, the best ways to protect yourself are to:

  • Enable spam filters and antivirus software.
  • Not open any links or attachments unless you are 100% sure they are safe.
  • Learn to read message headers to identify the original sender.
  • Never enter sensitive information on an unsecured website.
  • Check in person or over the phone with the alleged sender if you are asked to transfer money over email.

 

If you ever receive an unexpected email that you believe may be from a spoofed sender, report it to your email provider. Be wary of any email you receive that asks you to enter details, as this will most definitely be a phishing attempt.