By now, you know better than to send money to a Nigerian prince who needs help accessing his fortune, and you might be suspicious if your bank sent you an email asking for information it already has. But what if one of your friends or family members sent you an email asking for cash to get them out of a bind, in the form of a small wire transfer or prepaid card?
Of course, you want to help, and you know they'll pay you back. You'd probably fall for this spoofed email, even though a stranger actually sent it.
Spoofed emails are similar to phishing emails, which lure you into giving up sensitive information. Spoofed emails may do the same, but they can also be spam, scams, or attempts to get you to download malware.
The hallmark of email spoofing is that it arrives disguised as being from someone else. Sometimes the spoofed person’s account has been hacked, but usually not.
All an email spoofer really needs is an SMTP server and email software. The SMTP server allows the spoofer to display a fake sending address. If you hover your mouse over the sender's name, you can see the actual email address, but most people won't check before it's too late.
Fortunately, technologies exist that make a dent in email spoofing. For example, with Sender Policy Framework (SPF), the receiving mail server looks up the SPF record published for the spoofed domain and compares the IP address of the actual sending server with the addresses listed in that record. If the sending server's IP address does not match the record, the spoofed email won't land in your mailbox.
SPF makes a dent, but spoofed messages may still arrive in your email inbox. Get in the habit of comparing the person's name and email address in the message. For example, if you receive an email that appears to be from firstname.lastname@example.org but the message's header shows an address that doesn't match, you could be dealing with a spoofed email.
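The header comparison described above can be automated. The following Python sketch is an added example, not part of the original article: it reads a raw message and lists header-based warning signs. The function name, the finding labels, and the sample message are made up for illustration, and it assumes your own receiving mail server records its SPF verdict in a `Received-SPF` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration; every name and address is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: fail (example.org: 203.0.113.7 is not a permitted sender)
From: "Mom" <firstname.lastname@example.org>
Reply-To: helpme@example.com
To: you@example.org
Subject: Need a quick favor

Can you wire me some money today?
"""

def domain(addr):
    """Return the lowercased part after the last '@'."""
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return a list of header-based warning signs for a raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    findings = []

    # SPF verdict as recorded by the receiving server (assumed to be your
    # own, trusted server; a header added upstream could be forged).
    spf = msg.get("Received-SPF", "").split()
    if spf and spf[0].lower() in ("fail", "softfail"):
        findings.append("spf-" + spf[0].lower())

    # Envelope sender and reply address: a domain different from the one in
    # From is a warning sign, not proof (mailing services do this legitimately).
    for header, tag in (("Return-Path", "return-path-mismatch"),
                        ("Reply-To", "reply-to-mismatch")):
        _, addr = parseaddr(msg.get(header, ""))
        if addr and domain(addr) != from_dom:
            findings.append(tag)

    # The display name is free text; an address inside it that differs
    # from the real sending address is a disguise.
    if "@" in name and from_addr.lower() not in name.lower():
        findings.append("display-name-address-mismatch")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

An empty result does not mean a message is genuine; it only means none of these particular header checks fired.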
Another clue is when the message doesn’t match what you know about the sender. For instance, you know what messages from your mom usually look like. If a message has an unusual greeting, subject, or tone, be suspicious.
In general, if a message contains a link or an attachment, be skeptical. Don’t click links; they’re easy to spoof. Type URLs directly into web browsers. Keep in mind that most large organizations will never ask you to update or confirm your information through email.
What else can you do about email spoofing? Quikteks offers a comprehensive spam blocking solution that protects your inbox from most spam, spoofed messages, phishing messages, and malware. However, no spam blocker is 100% foolproof.
To learn more about protecting your inbox, give us a call at (973) 882-4644. We can help!