Email Spoofing

Ever get a message from your aunt or uncle requesting you click on a link to send them money for an emergency? Have your received an email allegedly from a coworker asking you to check out some sexy photos? Maybe you’ve seen a message where your financial institution requests you click on a link and provide your logins and other personal information they should already know. There are many ways nefarious types try to scam innocent people on the Internet. Some scammers use email technology to create imposter emails that appear to be from a trusted source as a tactic to solicit personal information, spread a virus, or sometimes just to spread spam. This is called “email spoofing” and it’s sadly very common and impossible to stop.

How Emails Are Spoofed

Unfortunately, there’s an entire class of software out there that people can use to spoof emails. Emails may be spoofed on a case-by-case basis, but that’s not usually in the spammer’s best interests. Email spoofing is a numbers game- the more that go out, the more likely it is someone will fall for it. By using software, a spammer can send out batches of thousands of these emails.

How Spammers Acquire, and Use, Your Email Address

Spoof Email Taking Money & Credit Card Info

Due to hackers releasing the private information of people from all over the world, your email address probably found its way onto a spammer’s list quite some time ago. You may have filled out a form online on a website that was collecting email addresses for just this purpose. Given your email address away when you were participating in a contest. It may have fallen into the wrong hands after a hack. That list continues to be shared in the spammer community. Remember- although it’s annoying to receive spam, as long as you are diligent about password protection, chances are, no one is going to be able to access your email but you.

Spammers may not have your email address- but they likely have the email address of someone in your network. Utilizing self-replicating worms is a tactic to continue to get the emails to spread. When someone clicks on the link provided in the spam email, their email becomes compromised and that same email is then sent to everyone in their email address book using their credentials and making this threat particularly vile. That email in fact has originated from where it claims to have and is therefore easy to fall for.

Why Do Spoofing Emails Exist?

There are several reasons to send out spoofed emails. Most of the time, they are just annoying marketing jabs- you’ll quickly identify them as a scam and ignore them. However, some include a link or request that you download an attachment. These emails may contain a virus, malware or ransomware that can render your computer useless, read your files and steal your personal information, or encrypt your computer making it impossible to access any of your files. Others want you to divulge your personal information either by replying with it to the spoofed email, or by directing you to a link where you would plug that information in yourself in a form.  This could result in your bank account being drained or your identity stolen. All of these things have the potential for long lasting repercussions.

What Can You Do: How to Protect Yourself Against Spammers

First and foremost, you should protect your passwords just as you would protect your website and make sure to have the most up to date versions of all the software on your computer, especially virus protection software and antimalware. Your email provider may produce a warning when it believes it detects problematic email, but you cannot count on that to protect you every time. The technology improves daily, but it’s not at all infallible and scammers are working overtime to find ways around it.

Secondly, and truly, the most useful tactic is being skeptical. Would your dear old homebody Aunt Sally really ask you to send her money because she’s stranded in Moscow? Your sweet coworker doesn’t at all seem the type to not only take, but share within the company, naughty photos most of the time- perhaps this email isn’t what it might seem. A healthy dose of skepticism is your best bet. If you aren’t sure that the email you just received from your bank is legitimate- call them, or go to their homepage directly to clear this up and don’t click on the link attached to the email. Pick up the phone and check in with your aunt-if she needs money, she can tell you during the call. Be kind and let your coworker know that it’s likely their email address has been compromised so they can change their password and warn other people not open that latest message.

If an email seems clearly out of character for the sender, or if you think something may be off, use caution and speak with the sender directly to sort it out. Unfortunately, it does not look like we’ll be seeing the end of email spoofing any time soon, so until that time comes, be cautious and protect yourself. In the meantime, if you are dealing with an episode of email spoofing, the only thing you can do is wait it out and take the precautions described above.