Tip of the Week: How to Spot and Avoid Email Spoofing
Let’s say you get an email from a close friend. It looks like it’s legitimate, until you check the contents of the message. It’s an advertisement, or it’s trying to get you to click on a link to see something “important.” Regardless of what the content of the message is, you should probably slap that bad boy in the Spam section of your email inbox. You’ve just been the target of email spoofing, and it’s more common than you might think.
Email spoofing is the act of sending a message disguised as someone else. Generally, if you receive what you think is a spoofed message from a friend, this doesn’t mean that the friend has been hacked (although it could be possible). Spoofing has been around for a while, but it continues to be a problem to this day; primarily because phishing has grown more common, and spoofing is an effective way to trick users into believing that phishing messages are the real thing.
How Spoofing Works
Email spoofing is simple enough that pretty much anyone can do it, provided they have the tools to do so. All someone needs to get started with email spoofing is a (SMTP) server, as well as some email software. There are plenty of available free SMTP servers that allow spoofers to show a different sending address, compared to the address that actually sent it. The recipient will still see the true email address, but it will appear to come from the address or name that the spoofer enters.
Still, there are other checks in place that limit the effectiveness of email spoofing. The most notable one is Sender Policy Framework (SPF), which compares the IP address of the sending server to the SPF record of the appropriate domain. If things don’t check out, the receiving server denies the message. The Huffington Post describes how this works using the following example:
Let's say someone tried to spoof Bill Gates (firstname.lastname@example.org): They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say "Hey, I have an email that is coming from 22.214.171.124 stating that it was sent from email@example.com."; > microsoft.com would then tell the recipient server, "No, sorry, it should be coming from 126.96.36.199." and the message would never get delivered.
What You Can Do About It
In general, email spoofing has trouble making it through modern email solutions like Gmail and Outlook. Still, email spoofing can be difficult to identify at times, but this is only if the spoofer has done their homework. Ordinarily, spoofing software will allow the spammer to replicate the name of the person they’re posing as, but the email address they sent their message from might still be intact. To check this, look at the email address next to the name. If it doesn’t match up, chances are you’re dealing with a spoofer.
Another clear giveaway is if the spoofer makes no attempts whatsoever to pose as the person. Does the message hold any links or have any attachments? If the message is unsolicited, there’s a solid chance that it’s a spammer trying to get you to respond or click on specific links. Your best chance of avoiding a phishing scam is to ignore messages asking you to confirm your credentials or similar information. Most organizations like banks or government institutions will never, ever, ask you to update your information through email. Also, never log into a website using links provided in suspicious emails. Always try to navigate to the location through your web browser; otherwise, you could be walking away from one trap and into another.
Taking advantage of a spam blocking solution is a great first step toward keeping your organization free from email spoofers. A comprehensive spam blocking solution like the one that Directive offers allows your employees to go about their days without the hindrance and omnipresent threat of malicious spam messages. To learn more about how your business can take the fight to spam, give us a call at 607.433.2200.