What Is Email Spoofing – And How Does It Work?
Cyber criminals and spammers use email spoofing to trick email recipients into believing that they have received a message from someone they know or an account they trust.
To commit an email spoofing attack, the attacker forges a fake email header. It displays a familiar (but fraudulent!) name to the recipient.
Because most people take for granted that an email is from who it says it is from, they don’t notice when an email comes from a spoofed account. These emails will usually prompt them to click malicious links or download files with malware attached.
In organized corporate attacks, email spoofing can lead to the theft of sensitive data and funds.
How Does Email Spoofing Work?
Spoofing schemes can be relatively simple or quite complex.
The attack starts when a sender uses a basic script to configure the “sender” field with whatever email address they want. That means that the sender’s own email address is hidden, and the receiver sees a trusted email address instead.
The most widely used email protocol is Simple Mail Transfer Protocol (SMTP). The SMTP server identifies the recipient’s domain and routes the message to the appropriate server. After this step, the email goes into the recipient’s inbox.
That means that the message actually travels through multiple servers. Each server’s IP address is included in the email header, but very few people look at those headers. Opening and clicking on links and attachments in emails is an automatic process for countless email users. But it opens them up to these attacks.
What Is the Purpose of Email Spoofing?
The scammer’s goal is to convince you, the email recipient, that you have received an email from someone you know or a sender you trust. This can include individuals in your address book or organizations and companies you are familiar with and may have an account with.
These scammers spoof trusted email accounts because they want to take advantage of your trust. They want you to open the links that they include or download the attachments. They may also ask you for sensitive information, such as log-ins, passwords, and bank information.
Email spoofers will target individuals and corporations.
The Most Common Reasons for a Scammer to Commit Email Spoofing
It hides their true identity. A spoofed email’s real recipient is hidden. Without a Sender Policy Framework (SPF), the sender’s identity can be protected.
It helps them to avoid getting sent to spam. Spam filtering is great for users, but bad for spammers. A hacker can use a spoofed email to make their email look legitimate and bypass the filters.
It is a good way to commit identity theft. By spoofing a trusted person or account, the hacker can make themselves look trustworthy. They can use this trust to coerce their target to send them sensitive information.
Is Email Spoofing the Same Thing as Phishing?
Spoofing and phishing often occur at the same time, but they are not the exact same thing.
Email spoofing is an act of identity theft. Phishing is an act of manipulating an individual in order to gain access to sensitive information.
Although email spoofing is one of the many methods that hackers or scammers will use in a phishing scam, they are not the same.
Examples of Email Spoofing
An email spoofer might create an email that looks like it came from your bank. When you receive the email, it is designed to look very close to the usual emails you get from your bank. The goal is to make it similar enough that it convinces you it’s genuine.
At first glance, the email looks like it came from your bank. The display name could say your bank, or even the domain name.
If the fake bank email says that you have to click a link in order to avoid having your account shut down or investigated for fraud, you may be startled enough to click it. While many people think, “I would never fall for spoofing,” the fact is that these attacks can be very sophisticated and difficult to spot.
Cyber criminals use email spoofing because it is effective! In fact, 90% of cyber attacks begin with a phishing email, and many of those are from spoofed addresses.
What Happens When an Email Spoofing Scam Is Successful?
The impacts of these spoofing scams can be detrimental to individuals and businesses.
For example, if an employee of a corporation receives an email that looks like it is from the CEO of the business, they are more likely to comply with the request because it seems that they could face consequences at work if they don’t.
Numerous good employees have been tricked into sending money to their company’s CEO or another executive – and it actually goes to a scammer. This is called CEO Fraud or Business Email Compromise (BEC).
The damages can be massive. In 2016, a group of high-ranking executives at Mattel sent $3 million to scammers who had successfully spoofed the email address of their CEO, Christopher Sinclair. Fortunately, they were able to get their money back.
Attacks can also be based on a small scale. For example, a scammer might send emails to a large number of recipients from a trusted brand, asking them to log in to change their password or confirm this information. This may or may not be accompanied by a threat of the account being locked or shut down.
When the recipient goes to log in, they provide their login credentials to the hacker. The hacker can now access anything in that account, including saved personal information and even banking details.
How to Check if an Email Was Spoofed
Everyone needs to be aware of how to recognize a spoofed email. Use these steps to protect yourself from phishing scams that start with a spoofed account.
- Maintain vigilance about emails that you receive, especially if they are prompting you to log in to an account, open an attachment, or respond with personal information.
- Check the display name of the sender and the email address to see if they match.
- Look at the email signature. Does any of the information set off any red flags? For example, does the signature use a different name or area code?
- Look at the email headers and check to see if the RECEIVED line matches the email address that appears in the sender field of your email.
You can also determine if the email passes testing for spoofing based on whether your email account uses SPF, DKIM, or DMARC.
If you have SPF, look for the header titled: RECEIVED-SPF. The field should say Pass. if it says Fail or Softfail, you are likely looking at a spoofing situation.
If your email account uses DKIM and DMARC, then look for AUTHENTICATION-RESULTS instead of SPF. This will identify if the email was authenticated according to DKIM and DMARC protocols.
When to Be Suspicious That Spoofing Has Occurred
Some spoofing attacks are more common than others. If you keep your guard up and know what these common attacks look like, you are less likely to fall for one.
- Watch out for unsolicited emails from companies that aren’t just advertising, but are asking you to do something, like log in or change your password.
- Take note of poor spelling and grammar from brands and companies.
- Look at the email address and check for weird addresses, typos, or bizarre titles.
- Be especially skeptical any time you are asked for a password, username, or account number.
- Don’t trust any unsolicited email that tells you that you need to pay for something in Bitcoin or another cryptocurrency.
- The IRS will never email you requesting information from you.
- Scammers will often send emails from FedEx, UPS, USPS, and other shipping agencies, claiming that you owe taxes or customs fees on items that you don’t remember purchasing.
If you learn to avoid falling for email spoofing, you will have a safer and much better online experience!
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Many parents assume that grooming is something that happens to other kids, not theirs. But that assumption…[Read More]
In an era where cyber threats are a constant risk rather than a possibility, businesses cannot afford…[Read More]