Email spoofing is a tactic hackers use to illegally impersonate different people or companies. They fool you into downloading a computer virus or clicking on a malware link because the message looks like it came from a trustworthy source.
It’s one of the many ways cybercriminals can hijack your system or steal private information stored on your computer.
According to Kaspersky Securelist, 3.3% of all email messages carry some kind of virus or malware. That might not sound like a big number, but tech experts like the Radicati Group estimate that 294 billion emails were sent every day in 2010 alone.
Suddenly, that 3.3% is nothing to sneeze at!
If you use Gmail or Yahoo! Mail, chances are, most email viruses will just go straight to your spam folder. However, a virus that uses email spoofing may be more likely to slip through.
Let’s take a closer look at this hacking technique and see how you can avoid being tricked by email spoofing.
Case Study: “Scambook Administrator”
Recently, I got an email from “firstname.lastname@example.org” with a subject line that said, “You have a new encrypted message from email@example.com.” I knew right away that it was a hoax. We don’t use encrypted messages at Scambook and we don’t have an administrator email.
Now here’s one of those “do not try this at home” moments.
If you’re reading this and you received an email from this “administrator”, do not open it. It’s not from us and you should delete it immediately!
But I wanted to see how our domain name was being used. I checked to make sure my anti-virus software was up to date and used a few other special security tricks, then opened it.
This is what the spoof email said:
“You have received an encrypted message from firstname.lastname@example.org. The sender intended for the message contents to be secured by using the Barracuda Email Encryption Service. You can retrieve the message from the Barracuda Networks Message Center. The link to this secure message will expire in 24 hours. If you would like to save a copy of the email or attachment, please save from the opened encrypted email. If an attachment is included, you will be given the option to download a copy of the attachment to your computer. To view your secure message, click here.”
There was no attachment, but the link to my “secure message” contained some sort of virus or malicious software. If I didn’t know it was an email spoofing hoax, I might have clicked the link because of the scambook.com email. That’s exactly what the cybercriminals behind this attack wanted me to do.
Warning Signs: How to Tell if an Email Sender is Spoofed
In this case, it’s important to remember that Scambook will never send you an encrypted message. The “email@example.com” email is not a valid address and we’re not affiliated with any “Barracuda Email Encryption Service” or “Barracuda Networks Message Center.”
We’ll never ask you to download anything, either. If you’re not sure if you have a message from us, you can log in to Scambook.com with your username and password. Any new messages will be displayed in your Scambook Dashboard.
But email spoofers use a wide variety of email domains in their scheme, including “@gmail.com,” “@yahoo.com” and sender addresses for sites like PayPal and eBay.
For example, how can you tell if an email from “firstname.lastname@example.org” can be trusted? Look for these warning signs:
1. No personalized greeting. If it’s really from eBay, or another site you’ve registered with, the email will greet you by your username or the name you provided on your account profile. Hoax emails usually skip salutations and just launch into their pitch.
2. A different “reply-to” email address. Whether you use webmail like Gmail or Yahoo!, or an email client such as Outlook, there will be a viewing option to get more information about a sender. Take a moment to familiarize yourself with your email interface until you find it. Then, if you receive an email that says it’s from “email@example.com” but the sender information includes a different “reply-to” address, you’ll know it’s a spoof.
3. External links and email attachments. In general, most companies don’t use third-party message encryption services or send private messages as encrypted email attachments. If you’re not sure, close the email, open a fresh browser session, and go to the website directly by typing in “https://” followed by the URL. If you’ve got a message, you’ll see it after you’ve logged in. If there’s no message, then the email you received isn’t legit.
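The three warning signs above can also be checked mechanically against a message's raw source (most mail clients offer a "show original" or "view source" option). The script below is an added example, not part of the original article; the addresses, the account name "jsmith" and the `.example`/`.invalid` domains are constructed for illustration.

```python
# Added example (not from the original article): checks one raw message
# for the three warning signs listed above. All addresses are constructed.
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def same_site(host, domain):
    """True when host is the sender's domain or one of its subdomains."""
    host = (host or "").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def warning_signs(raw_message, account_name):
    """Return the warning signs found; account_name is the name on your profile."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().strip() if part else ""
    sender = domain_of(msg["From"])
    signs = []
    # Sign 1: the opening line does not greet you by your account name.
    first_line = body.splitlines()[0] if body else ""
    if account_name.lower() not in first_line.lower():
        signs.append("no personalized greeting")
    # Sign 2: replies would go to a different domain than the visible sender.
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        signs.append(f"reply-to domain {reply_to} differs from sender {sender}")
    # Sign 3: links that leave the sender's own site.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not same_site(host, sender):
            signs.append(f"external link to {host}")
    return signs

# Constructed sample modelled on the hoax described in the case study.
SAMPLE = """\
From: Administrator <administrator@shop.example>
Reply-To: helpdesk@mailer.invalid
Subject: You have a new encrypted message

You have received an encrypted message.
To view your secure message, click here: http://message-center.invalid/view?id=1
"""

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE, "jsmith"):
        print("WARNING:", sign)
```

An empty result does not prove a message is genuine, since the visible sender address itself can be forged; logging in to the site directly remains the reliable check.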
As always, you should take steps to guard your computer by using a password-protected network, a secure web browser, a firewall and up-to-date anti-virus software. Scan your system every day for viruses and malware.
When it comes to cyber security, remember that it’s always better to be safe than sorry.