One nondescript morning, you open your email to find a message from your bank. They advise you that your account has been compromised and that you need to reset your password using the link provided in the body of the message.
You check the email address and everything looks legit…your spidey sense starts tingling. The sender’s address appears to be that of your bank. But wait…it’s not!
It’s a Spoof!
Phishing is a practice that involves sending malicious communications, often through email, in order to steal user data. Email spoofing is a form of phishing where scammers employ a variety of techniques in hopes of tricking you into downloading malicious software, clicking dangerous links, or sharing sensitive information.
A spoof email sender masquerades as a trusted source or entity in duping his/her victims into opening an email or text message. Email spoofing is on the rise because most recipients are easily tricked into unknowingly clicking on malicious links and in the process end up installing malware on their devices or involuntarily sharing sensitive information.
The practice of sending fraudulent emails to lure recipients and coax them into opening them has become rampant. According to Webroot, over 1.5 million new phishing sites are created on a monthly basis. In this in-depth guide on email spoofing, you’ll learn what email spoofing is all about and how you can protect yourself against it.
If you receive a strange email from an address that you don’t recognize at all, you can always look up who’s emailing you.
What Is Email Spoofing?
Email spoofing is a popular tactic of forgery used in creating an email header to make the message appear to have originated from somewhere or someone other than the actual sender. The hostile tactic is commonly used in spam campaigns and phishing as most people are likely to open an email when it appears to come from a familiar sender.
According to a report collected by Verizon, 30% of phishing messages are opened by the targeted email users. The goal of email spoofing is to lure recipients to respond to a solicitation or open an email and click on a link.
While email spoofing is popularly used by cybercriminals to steal sensitive data, the tactic can also be used to avoid spam email blacklists, tarnish the image of the mimicked source or commit a cybercrime such as identity theft. IBM estimates that the average financial cost of such a data breach is $3.86 million.
How Does Spoofing Work?
With a Simple Mail Transfer Protocol (SMTP) server and mailing software such as Gmail, it’s easy to spoof an email address. The scammer basically composes an email message and forges fields found within the message header, such as the FROM and REPLY-TO addresses.
When the recipient receives the email, it appears as if it came from the address the scammer selected. Email spoofing is, therefore, possible because SMTP doesn’t have a mechanism for truly addressing the issue of authentication. Furthermore, the adoption of the already developed sender authentication mechanisms and protocols has been discouragingly slow.
By inspecting the source code (the raw headers) of a suspicious email, you can find the email’s originating IP address and even trace it back to the real sender. You should also look out for a soft-failed Sender Policy Framework (SPF) result. RFC 7208 defined this protocol as a check for authenticating email senders.
A soft fail does not block delivery, meaning a fishy email can still be delivered even after it has soft-failed the protocol’s check.
Why Email Spoofing Exists
While most spoofed emails can be detected, an average email user might not be able to detect a spoof email address and take the right action. Moreover, most average email users don’t anticipate being victims of email spoofing like larger businesses and corporations that have already educated their employees about the threat and implemented precautionary measures.
If you don’t delete a spoofed email as soon as you detect it, it can cause even more serious problems. For example, you can receive a spoofed email that is forged to appear like it has been sent from a reputable shopping site, asking you to provide your credit card information.
Alternatively, the false email may include a link that installs malware on your device once you click to open it. Spear phishing attacks are also often used to attack businesses in the form of a spoofed email that appears to have been sent by the company CEO or some other high ranking employee. Often it takes the form of a request for login credentials for internal system access, a wire transfer, or a similar standard type of request.
If a spoofed email does not appear dubious or suspicious to the user, it’s likely to go unnoticed. This is usually the case because most people don’t open and inspect the source code of suspicious emails.
In general, email spoofing exists because most ordinary email users are not always on the lookout for these fake, spoof email addresses or spoof email senders. In addition, it may not be easy to detect a spoofed email and delete it, especially if you’re an average email user who has never been hacked before.
How Can You Recognize Spoofing?
You can recognize spoofed emails because they target you, as a user, directly. A spoofed email will often have some red flags, such as a request to provide sensitive information and other personal data.
If an email is advising you to provide your username, password or other personally identifiable information, there is a high likelihood that the email is a spoof. Remember, genuine sites will never ask you for your username and password. Also, a spoofed email will have altered properties.
To ascertain the real sender, look out for:
- RETURN-PATH address
- FROM name/address
- REPLY-TO name/address
- X-ORIGIN address
- SOURCE IP address
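The header checks listed above, as an added example that is not part of the original article: a Python sketch that parses a raw message, compares the Return-Path and Reply-To domains with the From domain, reads the SPF/DKIM/DMARC verdicts, and extracts the connecting IP. The sample message and every name, domain and IP in it are constructed, and the helper names `domain_of` and `analyze` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, domain and IP below is made up for illustration.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 08:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=softfail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <security@bank.example>
Reply-To: "Your Bank" <help@bank-support.example>
Subject: Reset your password

Please reset your password using the link below.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def analyze(raw):
    """Compare sender-related headers and collect authentication verdicts."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server, e.g. spf=softfail.
    auth_text = " ".join(msg.get_all("Authentication-Results", []))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_text))
    for mech, verdict in auth.items():
        if verdict != "pass":
            findings.append(f"{mech} result is {verdict}, not pass")
    # Assumption: the topmost Received header was written by your own mail
    # server, so the bracketed IP is the host that actually connected to it.
    received = msg.get_all("Received", [])
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return {"from_domain": from_dom, "auth": auth,
            "source_ip": ip.group(1) if ip else None, "findings": findings}


if __name__ == "__main__":
    for line in analyze(RAW)["findings"]:
        print(line)
```

A Return-Path that differs from the From domain also occurs in legitimate bulk mail, so treat each finding as a signal to weigh rather than proof. Only trust an Authentication-Results header that your own mail server added.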
How to Secure Yourself from Email Spoofing
Protecting yourself against falsified or spoofed emails can be a daunting task to average email users. On the other hand, experienced IT experts know how to go around the email spoofing tactics or deceptions and engage in email communications without predisposing their information and devices to hackers.
Established brands use Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) as foundations of email verification and validation so as to secure their reputation.
An online business that applies these methods to its website domain demonstrates that it’s dedicated to caring for its customers’ safety:
- SPF: This is a protocol for validating emails by providing recipients a way of knowing whether the email they have received from a particular domain is from an IP address that is authorized by that domain.
- DKIM: This is a method for verifying whether the content of an email remained the same. In other words, it is a layer of protection that is added by implementing a private/public key pair: the sending server signs the message with the private key, and the receiver verifies the signature with the public key.
- DMARC: This is a domain authentication protocol that builds on both the SPF and DKIM authentication mechanisms to prevent email spoofing. With DMARC, a domain publishes email validation and authentication policies on what to do when the other two authentication mechanisms have failed, such as rejecting or deleting a suspicious email.
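How strictly a domain's published SPF and DMARC records treat unauthorized mail, as an added example that is not part of the original article: a Python sketch that grades a weak record pair beside a hardened one. The TXT records and the domain `bank.example` are constructed, the function names are hypothetical, and the sketch reads records from strings rather than querying DNS.

```python
# Constructed TXT records for a made-up domain, as they might appear in DNS
# at bank.example (SPF) and _dmarc.bank.example (DMARC).
WEAK = {"spf": "v=spf1 include:_spf.mail.example ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@bank.example"}
HARDENED = {"spf": "v=spf1 include:_spf.mail.example -all",
            "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"}

SPF_ALL = {"-": ("strong", "unlisted senders fail outright"),
           "~": ("weak", "unlisted senders only soft-fail and may still be delivered"),
           "?": ("weak", "unlisted senders get a neutral result"),
           "+": ("broken", "every sender on the internet is authorized")}
DMARC_P = {"reject": ("strong", "failing mail is refused"),
           "quarantine": ("moderate", "failing mail is treated as suspicious"),
           "none": ("weak", "monitoring only; failing mail is still delivered")}


def audit_spf(txt):
    """Grade an SPF record by the qualifier on its 'all' mechanism."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ("missing", "no SPF record")
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' is the default
            return SPF_ALL[qualifier]
    if any(t.startswith("redirect=") for t in terms[1:]):
        return ("delegated", "policy is defined by the redirect target")
    return ("weak", "no 'all' term, so unlisted senders get a neutral result")


def audit_dmarc(txt):
    """Grade a DMARC record by its p= (policy) tag."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return ("missing", "no DMARC record")
    return DMARC_P.get(tags.get("p"), ("broken", "missing or unknown p= tag"))


def audit(records):
    """Grade both records of one domain."""
    return {"spf": audit_spf(records["spf"]), "dmarc": audit_dmarc(records["dmarc"])}
```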
Tips and Practices To Help Prevent Email Spoofing
- Invest in up-to-date anti-malware software and keep your web protection software active and up-to-date.
- Do not click on suspicious links or download suspicious email attachments.
- Avoid sharing sensitive, financial information via email.
- Do not enter sensitive, private information into insecure links.
- Contact the sender separately or contact them through a call or text to verify that they really sent the email.
- Use special tools such as Gmail’s Priority Inbox and strong spam filter settings. Learn how to detect falsified email headers before you open them.
- Double-check the sender address of any suspicious emails.
- Verify a real sender of a spoof email address by conducting reverse IP lookups.
- Audit various email accounts to verify that they positively respond to SPF and DMARC authentication protocols.
Anyone can be a target of email spoofing. As always, the weakest link in security is the end-user. It’s imperative that you take the necessary precautions in protecting your PCs and mobile devices such as smartphones and tablets against email spoofing.
You shouldn’t assume that cybersecurity is a concern limited to small businesses and corporations as it can, and often does, affect individuals. Educating yourself on the threat represented by email spoofing and keeping your guard up are the best way to stay secure.