Email spoofing is a tactic hackers use to illegally impersonate different people or companies. They fool you into downloading a computer virus or clicking on a malware link because the message looks like it came from a trustworthy source.
It’s one of the many ways cybercriminals can hijack your system or steal private information stored on your computer.
According to Kapersky Securelist, 3.3% of all email messages carry some kind of virus or malware. That might not sound like a big number, but tech experts like the Radicati Group estimate that 294 billion emails were sent every day in 2010 alone.
Suddenly, that 3.3% is nothing to sneeze at!
If you use Gmail or Yahoo! Mail, chances are, most email viruses will just go straight to your spam folder. However, a virus that uses email spoofing may be more likely to slip through.
Let’s take a closer look at this hacking technique and see how you can avoid being tricked by email spoofing.
Case Study: “Scambook Administrator”
Recently, I got an email from “[email protected]” with a subject line that said, “You have a new encrypted message from [email protected].” I knew right away that it was a hoax. We don’t use encrypted messages at Scambook and we don’t have an administrator email.
If you receive an email notifying you of “encrypted messages,” review it very carefully before you take action.
Now here’s one of those “do not try this at home” moments.
If you’re reading this and you received an email from this “administrator”, do not open it. It’s not from us and you should delete it immediately!
But I wanted to see how our domain name was being used. I checked to make sure my anti-virus software was up to date and used a few other special security tricks, then opened it.
This is what the spoof email said:
“You have received an encrypted message from [email protected]. The sender intended for the message contents to be secured by using the Barracuda Email Encryption Service. You can retrieve the message from the Barracuda Networks Message Center.The link to this secure message will expire in 24 hours. If you would like to save a copy of the email or attachment, please save from the opened encrypted email. If an attachment is included, you will be given the option to download a copy of the attachment to your computer. To view your secure message, click here.”
There was no attachment, but the link to my “secure message” contained some sort of virus or malicious software. If I didn’t know it was an email spoofing hoax, I might have clicked the link because of the scambook.com email. That’s exactly what the cybercriminals behind this attack wanted me to do.
Warning Signs: How to Tell if an Email Sender is Spoofed
In this case, it’s important to remember that Scambook will never send you an encrypted message. The “[email protected]” email is not a valid address and we’re not affiliated with any “Barracuda Email Encryption Service” or “Barracuda Networks Message Center.”
We’ll never ask you to download anything, either. If you’re not sure if you have a message from us, you can login into Scambook.com with your username and password. Any new messages will be displayed in your Scambook Dashboard.
But email spoofers use a wide variety of email domains in their scheme, including “@gmail.com,” “@yahoo.com” and sender addresses for sites like PayPal and eBay.
For example, how can you tell if an email from “[email protected]” can be trusted? Look for these warning signs:
1. No personalized greeting. If it’s really from eBay, or another site you’ve registered with, the email will greet you by your username or the name you provided on your account profile. Hoax emails usually skip salutations and just launch into their pitch.
2. A different “reply-to” email address. Whether you use webmail like Gmail or Yahoo!, or an email client such as Outlook, there will be a viewing option to get more information about a sender. Take a moment to familiarize yourself with your email interface until you find it. Then, if you receive an email that says it’s from “[email protected]” but the sender information includes a different “reply-to” address, you’ll know it’s a spoof.
Never download email attachments if you don’t trust the source.
3. External links and email attachments. In general, most companies don’t use third-party message encryption services or send private messages as encrypted email attachments. If you’re not sure, close the email, open a fresh browser session, and go to the website directly by typing in “https://” followed by the URL. If you’ve got a message, you’ll see it after you’ve logged in. If there’s no message, then the email you received isn’t legit.
As always, you should take steps to guard your computer by using a password-protected network, a secure web browser, a firewall and an up-to-date anti-virus software. Scan your system every day for viruses and malware.
When it comes to cyber security, remember that it’s always better to be safe than sorry.
See Also
Email Scam Alert: FedEx Package Undelivered
The 9 Bad Email Habits That Expose You to Scams and Identity Theft
New Phishing Fraud: Unclaimed Property Email Scam Targets Missouri
I am trying to find out if this business is a scam, i am appluing for a pension annunity on my pension. i am a little scared not knowing if this business is for real or not. Thank You
the business is called BuySellaqnnunity.Inc is it a scam or a real business i am scared to do business with this company please if anyone knows anything about this company. Thanks
I’d be very careful rene. Make sure you spell it right as well buysellannuity.inc This is what I could find out about it and it sounds very fishy:
Last August, a California court ruled in favor of a class action suit brought by veterans, ordering Retired Military Financial Service, Inc. to return $2.9 million. The founder of Retired Military Financial Services, Inc., Steven P. Covey defended his company last year in a story published by the Center for Public Integrity’s iWatchNews.org. There, he said, “The position is: We’re purchasing at a discounted lump-sum, future cash flow. We’re not lenders. When you’re not lenders, you’re not dealing in potential usury areas.” He essentially is saying that since his company technically isn’t lending, they should not be subject to laws that govern financial transactions. The Enlisted Association disagrees. According to Stuart Rossman of the National Consumer Law Center, “If these sites are dealing with the issue of military pensions, it’s likely every single one is violating a law.” All firms that offer such lump payments are either assigning military pensions to a third party, which isn’t legal, or they are offering loans without abiding by Truth and Lending Requirements; this is also illegal.
Editors Note: A phone call to Buysell annuity’s contact number 1(800) 240-8601 provided on their website http://buysellannuity.com/?gclid=CI2yyq2f7bACFQhahwodRyXAxQ revealed they would loan $8000 or more against my military pension, VA disability compensation, and Social Security incomes for 3,5, or 10 years. At my expense would be required to purchase a life insurance policy for double the amount of the loan as collateral on the loan in the event of my death. In the event of my death they would collect from the insurance policy the full amount vice any payoff balance at the time of my death. Thus for me the cost of a $8,000 loan for a period of 10 years would be $38,400 or almost five times the amount of the loan. When I questioned the high amount of interest I was told that it was competitive with other companies making pension loans who in most cases charged more. The $38,400 is the result of:
$200 per month for 120 months or $24,000; plus
$128 per month (current age 72 with a heart condition) for a 10 year term policy with $16,000 coverage or a total of $14,400 in premiums.
I gave my information and am not buying life insurance did this person recieve his money cause i have not as of yet that is what i am concerned about cause i gave them all my information and i dont know what they are gonna do with it