Onccloud

What Is Email Spoofing, How It Works and How to Avoid It

Cyber criminals and spammers use email spoofing to trick email recipients into believing that they have received a message from someone they know or an account they trust. To commit an email spoofing attack, the attacker forges an email header so that it displays a familiar (but fraudulent!) name to the recipient. Because most people take for granted that an email is from who it says it is from, they don’t notice when an email comes from a spoofed account. These emails will usually prompt them to click malicious links or download files with malware attached. In organized corporate attacks, email spoofing can lead to the theft of sensitive data and funds.

Spoofing schemes can be relatively simple or quite complex. The attack starts when a sender uses a basic script to configure the “sender” field with whatever email address they want. That means that the sender’s own email address is hidden, and the receiver sees a trusted email address instead.

The most widely used email protocol is Simple Mail Transfer Protocol (SMTP), which does not itself verify that the sender address is genuine. The SMTP server identifies the recipient’s domain and routes the message to the appropriate server. After this step, the email goes into the recipient’s inbox. That means that the message actually travels through multiple servers. Each server’s IP address is included in the email header, but very few people look at those headers.

Opening emails and clicking on their links and attachments is an automatic process for countless email users, but it opens them up to these attacks.

The scammer’s goal is to convince you, the email recipient, that you have received an email from someone you know or a sender you trust. This can include individuals in your address book or organizations and companies you are familiar with and may have an account with. Scammers spoof trusted email accounts because they want to take advantage of your trust. They want you to open the links that they include or download the attachments.
They may also ask you for sensitive information, such as log-ins, passwords, and bank information. Email spoofers will target individuals and corporations.

Spoofing hides the attacker’s true identity. A spoofed email’s real sender is hidden. Without a Sender Policy Framework (SPF) check, the sender’s identity can remain concealed.

Spoofing helps attackers avoid getting sent to spam. Spam filtering is great for users, but bad for spammers. A hacker can use a spoofed email to make their message look legitimate and bypass the filters.

Spoofing is a good way to commit identity theft. By spoofing a trusted person or account, the hacker can make themselves look trustworthy. They can use this trust to coerce their target into sending them sensitive information.

Spoofing and phishing often occur at the same time, but they are not the same thing. Email spoofing is an act of identity theft. Phishing is an act of manipulating an individual in order to gain access to sensitive information. Email spoofing is one of the many methods that hackers or scammers will use in a phishing scam.

An email spoofer might create an email that looks like it came from your bank. It is designed to look very close to the usual emails you get from your bank, similar enough to convince you that it is genuine. The display name, or even the domain name, could appear to be your bank’s. If the fake bank email says that you have to click a link in order to avoid having your account shut down or investigated for fraud, you may be startled enough to click it.

While many people think, “I would never fall for spoofing,” the fact is that these attacks can be very sophisticated and difficult to spot. Cyber criminals use email spoofing because it is effective! In fact, 90% of cyber attacks begin with a phishing email, and many of those are from spoofed addresses.
The impacts of these spoofing scams can be detrimental to individuals and businesses. For example, if an employee of a corporation receives an email that looks like it is from the CEO of the business, they are more likely to comply with the request because it seems that they could face consequences at work if they don’t. Numerous good employees have been tricked into sending money to what they believed was their company’s CEO or another executive, when it actually goes to a scammer. This is called CEO Fraud or Business Email Compromise (BEC). The damages can be massive. In 2016, a group of high-ranking executives at Mattel sent $3 million to scammers who had successfully spoofed the email address of their CEO, Christopher Sinclair. Fortunately, they were able to get their money back.

Attacks can also be small in scale. For example, a scammer might send emails to a large number of recipients, posing as a trusted brand and asking them to log in to change their password or confirm their information. This may or may not be accompanied by a threat of the account being locked or shut down. When the recipient goes to log in, they provide their login credentials to the hacker. The hacker can now access anything in that account, including saved personal information and even banking details.

Everyone needs to be aware of how to recognize a spoofed email. Use these steps to protect yourself from phishing scams that start with a spoofed account.

You can also check whether the email passed anti-spoofing checks, depending on whether your email account uses SPF, DKIM, or DMARC. If you have SPF, look for the header titled Received-SPF. The field should say Pass. If it says Fail or Softfail, you are likely looking at a spoofing situation. If your email account uses DKIM and DMARC, then look for Authentication-Results instead of the SPF header. This will identify whether the email was authenticated according to the DKIM and DMARC protocols.

Some spoofing attacks are more common than others.
If you keep your guard up and know what these common attacks look like, you are less likely to fall for one. If you learn to avoid falling for email spoofing, you will have a safer and much better online experience!
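
The header check described above, as an added example that is not part of the original article: a Python script that reads Received-SPF and Authentication-Results from a raw message and applies the Pass / Fail / Softfail rule. The sample message, the host name mx.recipient.example and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not real traffic): the display name imitates a bank, but
# the receiving server recorded an SPF softfail and a DMARC fail.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
 by mx.recipient.example; Mon, 01 Jan 2024 10:00:00 +0000
Received-SPF: softfail (mx.recipient.example: domain of transitioning
 billing@yourbank.example does not designate 203.0.113.7 as permitted sender)
Authentication-Results: mx.recipient.example;
 spf=softfail smtp.mailfrom=yourbank.example;
 dkim=none; dmarc=fail header.from=yourbank.example
From: "Your Bank" <billing@yourbank.example>
To: user@recipient.example
Subject: Account notice

Please confirm your details.
"""

def auth_results(raw, trusted="mx.recipient.example"):
    """Return the SPF/DKIM/DMARC results recorded in the message headers."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = {"spf": None, "dkim": None, "dmarc": None}
    spf = msg.get("Received-SPF")  # topmost one; value starts with the result
    if spf and str(spf).split():
        results["spf"] = str(spf).split()[0].lower()
    for header in msg.get_all("Authentication-Results", []):
        value = str(header)
        # Skip headers not stamped by our own server: a sender can add fakes.
        if value.split(";")[0].split()[:1] != [trusted]:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            key = method.lower()
            results[key] = results[key] or result.lower()
    return results

def verdict(results):
    """Apply the article's rule: Pass is good, Fail or Softfail is suspect."""
    seen = [r for r in results.values() if r]
    if any(r in ("fail", "softfail") for r in seen):
        return "likely spoofed"
    if "pass" in seen:
        return "authenticated"
    return "unverified"  # no headers, or only none/neutral/temperror

if __name__ == "__main__":
    found = auth_results(SAMPLE)
    print(found, "->", verdict(found))
```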
