Email Spoofing: forging the sender's email address

The world of email has changed dramatically over the years. In the early days, email was mostly used for sending messages to family and friends. Today, it's easier than ever to make an email appear that it is from someone else's account. But if you're worried about your personal information or business reputation being compromised by hackers who spoof their emails, then you should know about this new threat to your privacy and security.

What is email spoofing?

Photo by Sander Sammy / Unsplash

Spoofing is when a hacker sends an email from a fake address. It's a way to trick people into giving out personal information like passwords and credit card numbers.

In addition to being illegal in many countries, spoofing is also against the Terms of Service of most email providers. Many email providers will also notify you if they suspect that an email address is fake. Gmail, for example, will show a red alert at the top of your inbox saying “This message may be forged” and “The 'From:' field was not part of the message header."

If you receive an email from someone you don't know, it's a good idea to verify the authenticity of the sender. If they have a website or social media profile, look for it there. If not, call their support line and ask if they sent you an email message.

Types of email address spoofing

Blocking / deleting - one of many steps to get a friendly social media  apperance.
From "Money for nothing and content for free?" by Landesanstalt für Medien NRW, CC-BY-SA 4.0
Photo by Mika Baumeister / Unsplash

Spoofing is the act of forging the sender's email address. This can be done in several ways:

Changing the name of the sender to look like someone else (for example, if a scammer were to send an email from "John.Smith"@gmail.com instead of "Jack.Smith"@gmail.com).

Using a very similar domain name to the genuine source (for example, sending from "johndoe@gmail.com" instead of "johnsmith@gamil.com"). The more similar you make these domains look, the harder it is for recipients to tell which one is real and which one isn't—and this makes spoofing all that more effective for scammers!

Compromising SMTP servers by sending out spam emails without authorization from their owners; these compromised machines are called zombie computers because they're used against their will in order to send malicious content throughout cyberspace!

Examples of email spoofing scams

Sign of the @ icon.
Photo by Onlineprinters / Unsplash

Email spoofing scams come in many flavors and sizes. They can get very creative as well. Some are used to steal your identity, some to take your money, and others are malicious attempts to infect your computer with malware. For example:

  • Phishing: An email that appears legitimate but is actually a scam designed to trick you into providing personal details such as passwords or credit card information.
  • Malware: A virus hidden in the attachment that can infect your computer, allowing hackers to access sensitive data stored on it.
  • Ransomware: A type of malware that encrypts files on an infected computer and demands payment (typically in bitcoin) before they will be unlocked.

Why do hackers spoof addresses?

Someone programming a website in HTML. But also a photo suitable for hackers. ;)
Photo by Mika Baumeister / Unsplash
  • To trick you into paying for something. If you get an email that looks like a bill or a message from your bank, hackers can spoof the sender's address to make it seem like they're coming from someone in your contacts list.
  • To lure you into opening an attachment. Hackers know that many people will click on anything to see what it is, so they will send out spoofed emails with enticing subjects or attachments that look like they're legitimate files but are actually malware designed to infect your computer with viruses and spyware (which can be used to steal your passwords).
  • To steal personal information. If hackers know who you are before contacting you, they may be able to use this information for identity theft purposes by pretending that they are someone else and asking questions about where their account details are stored online (e.g., PayPal), how often payments happen (e.g., credit card bills), etc., which could lead them straight into finding out where all of these things are located across different websites and services so that it makes it easier for them later on when stealing money from those accounts through other means such as hijacking login credentials via keylogging software installed onto devices belonging​

How to prevent email spoofing

KEEP SAFE letter tiles on white background
Photo by Clarissa Watson / Unsplash

As we've discussed, there are several ways you can prevent your email address from being forged by spammers. The most important step you can take is to set up DMARC records on your domain and configure SPF, DKIM, and other security measures in order to prevent abuse of your domain. While this does not solve all problems of spoofing it goes a long way in preventing many common cases of fraudulent emails.

1. Never click on a link to access a website that requires you to enter confidential information. Always type the domain name into your browser, then authenticate directly with the site itself.

2. Be wary of emails that create a sense of urgency or danger. Fraudulent attacks often imply that something bad will happen if you don't act quickly.

3. If you find an email suspicious, copy the content into Google. It is likely that it's a scam that was made from the text that was used previously.

4. Be wary of opening attachments from senders you don't know well.

5. Never send your usernames, passwords, or other sensitive information in emails. You can be sure that banks and other companies where you are registered users won't ever ask for this type of info via email.

6. Online scams often promise riches or rewards, so if you receive an email that sounds too good to be true, ignore it—or better yet, delete it.

7. Email programs offer different ways to view the header of an email message. So, first of all, research exactly where you are accessing this information so that if you receive a suspicious message—such as an email with formatting or links that do not seem familiar—you can verify its authenticity by looking at the header data or source code of the message.

8. Beware of messages that are related to financial institutions, such as one telling you your bank account is about to be closed or payment has not been successfully made.

9. Be wary of emails or texts that appear to come from someone you know but contain errors in spelling, sentence structure, etc.

Have you ever received a strange email but are unsure if it is real or a scam? You may always get in touch with our assistance if you have web hosting with us and the email box is set up on a noxity server. Upon your request, we will confirm the validity of the sender and assist you in configuring your email inbox so that you get the least amount of fraudulent mail possible.

Conclusion

Email spoofing is a serious problem for businesses and individuals alike, but there are steps you can take to protect yourself. The first step is to make sure that you always verify the sender’s email address. You can also use an app like Gmail Security Checkup which will alert you when an email looks suspicious by suggesting that it might be a phishing attempt or a fake account trying to steal your information.