Email Spoofing

We often receive junk email (spam) where the “From” field shows an address that you recognise as one of your contacts, such as a friend or work colleague, or that claims to come from a legitimate business that you often have dealings with. Even though the sender looks legitimate, the mail might contain an advertisement for Viagra or a health food supplement, a message congratulating you on winning the Nigerian lottery, or just a random link to a web site, and these emails can look extremely legitimate. You may even at some point receive a call from a friend or colleague stating that junk mail is going out in their name, asking whether they have done something to cause this and how they can stop it. This is called email spoofing.

What is Email Spoofing

Because many e-mail programs now regard mail from unknown addresses with suspicion, many spammers will spoof onto their “From:” line an e-mail address which is trusted by the user and is on their white list of acceptable senders. This might be the address of a popular financial institution or a social networking site. In many but not all of these cases, the body of the mail is also designed to resemble a notification from one of these services, such as “your bill is ready” or “you have an update”, followed by a prompt to click for details.

If your email recipients complain of having received spam messages from your email address, the most likely cause is that your email account has been compromised or your address has been spoofed. If you suddenly find that your inbox is being filled with bounce-back messages for emails you do not remember sending, this can be another sign that your account has been compromised or your address is being spoofed. Most spam messages that have been sent, or appear to have been sent, from your address will generally bounce back to your actual email account when no recipient is found, thus filling your inbox.

Unfortunately, there is currently no perfect solution to prevent the circulation of spam and no way of preventing these spammers from spoofing your email address when sending their spam. Once spammers have possession of your email address there is nothing stopping them.

Examples of Email Spoofing

[Figure: another example of email spoofing, targeting your PayPal login details.]

Why do they do it?

Why would someone fraudulently “Spoof” an email?

  • The email spoofer is trying to “phish” your passwords and login names. Phishing is where the dishonest sender hopes to trick you into trusting the email. A false (spoofed) website will be set up to appear like a legitimate online bank website or paid Web service, like eBay. Victims unwittingly believe the spoofed email, click through to the false website and enter their password and login credentials. Initially the login page will show a message stating that the login credentials were entered incorrectly, before sending the victim on to the actual legitimate website. The user has no idea that anything has happened until they see that their account has been cleaned out.
  • The email spoofer is a spammer trying to fill your mailbox with advertising. Using mass-mailing software called “ratware”, spammers will alter the source email address to appear as an innocent citizen, or as a legitimate company or government entity.  The purpose, like phishing, is to get people to trust the email enough so that they will open it and read the spam advertising inside.
  • To give the sender a bad name. Sending out insults or other messages that put the so-called sender in a bad light.
  • Identity theft. Being able to send messages in someone’s name can be the start of an identity theft procedure.
  • Easy to rotate. If you are spamming, you are bound to be blacklisted quickly. If you’re able to switch sender addresses, who cares?

How do they do it?

This is a question asked by everyone. How can spammers connect people who somehow know each other, without having access to things like email address books?

Originally spammers would steal contact lists from malware-infected PCs, but nowadays doxing is the preferred source of information. Doxing means searching for information on someone using their social media and other websites they might have used.

Once the spammer has an email address they believe you will trust, they simply need to set up an email server (anyone can easily do this) and use one of the many mailing software packages that allow spoofing, which are also incredibly easy to obtain. They can then compose the email, input the spoofed email address, and the job is done. You will receive an email that looks like it is from a trusted email address, but it actually isn’t.

What can you do?

How to get rid of spam emails. There is a lot you can do to prevent your address from being used in the first place:

  • Keep your email address private to only your trusted friends and private communities; never post your e-mail address on a web site or publicly viewable forum. Not only will keeping your e-mail address private prevent you from receiving junk mail, more importantly it will prevent spammers from forging your address as the source of junk mail.
  • Keep your contacts’ addresses private. Out of respect for your friends and business contacts, safeguard your e-mail address book as if it were gold. Giving it to strangers invites them to send junk mail to your contacts, and/or to spoof their addresses onto junk mail they send to you and others.
  • Don’t give out your friends’ e-mail addresses without their permission. For example, don’t type them into a web site that offers to “send this article to a friend” unless they have a clearly stated privacy policy. Otherwise, if you wish to share a web site with a friend, just copy its address from the address bar of your browser and paste it into an e-mail to your friend, with an explanatory introduction. That way, it will be up to them whether or not to access that site.

Naturally, as spammers get more creative, things get more complex.

  • If something that looks like it might be spam displays a From: name that you know, but an email address that you do not, it’s just spam. Mark it as such and move on.
  • If something that looks like spam displays a From: name that you know and an email address that you recognise as belonging to that name, then it still may be plain old spam, but it’s more likely that this person’s email account has been hacked. You might want to let them know, ideally using something other than their hacked email account.
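
The two rules above can be applied mechanically to the From: header. The following is an added example, not part of the original article: the address book, the verdict labels and the sample messages are constructed for illustration, and it goes slightly beyond the text by also catching a display name that is itself a contact's address. It assumes the message has already been judged to look like spam.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption): display name -> addresses known for it.
CONTACTS = {
    "Alice Example": {"alice@example.com"},
    "Bob Example": {"bob@example.org", "bob.work@example.net"},
}

def _norm(text):
    """Lower-case and collapse whitespace so 'ALICE  Example' still matches."""
    return " ".join(text.lower().split())

def classify_from(raw_message, contacts=CONTACTS):
    """Classify the From: header of a message that already looks like spam."""
    by_name = {_norm(n): {a.lower() for a in v} for n, v in contacts.items()}
    all_addrs = set().union(*by_name.values())

    msg = message_from_string(raw_message)
    name, addr = parseaddr(str(msg.get("From", "")))
    name, addr = _norm(name), addr.lower()

    # Addresses the display name claims to speak for. A display name that is
    # itself a contact's address ("alice@example.com" <other@...>) counts too.
    if name in by_name:
        claimed = by_name[name]
    elif name in all_addrs:
        claimed = {name}
    else:
        claimed = None

    if claimed is not None and addr not in claimed:
        return "mark-as-spam"                  # known name, unfamiliar address
    if addr in all_addrs:
        return "possible-compromised-account"  # address is one you know for a contact
    return "no-contact-match"                  # neither rule applies

# Constructed sample messages, not real mail.
SAMPLES = [
    "From: Alice Example <alice@example.com>\nSubject: offer\n\nclick here\n",
    "From: Alice Example <promo@mailer.invalid>\nSubject: offer\n\nclick here\n",
    'From: "alice@example.com" <promo@mailer.invalid>\nSubject: offer\n\nclick\n',
    "From: Shop News <news@shop.invalid>\nSubject: offer\n\nclick here\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify_from(raw), "<-", raw.splitlines()[0])
```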

For more information on how to keep your email secure click on my article on Email Security – Best Practices
