{"id":1005,"date":"2019-04-09T23:47:54","date_gmt":"2019-04-10T03:47:54","guid":{"rendered":"https:\/\/www.thexyz.com\/blog\/?p=1005"},"modified":"2022-09-04T10:00:50","modified_gmt":"2022-09-04T14:00:50","slug":"what-is-email-spoofing","status":"publish","type":"post","link":"https:\/\/www.thexyz.com\/blog\/what-is-email-spoofing\/","title":{"rendered":"What is email spoofing?"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”]<\/p>\n

Email spoofing comes from the word spoof<\/strong>, which is basically another word for falsified<\/strong>. An email has been spoofed when the sender deliberately alters parts of the email to make the message appear as though the email sender, sends emails as someone else. Usually, a spoofed email address will contain personal information such as the sender\u2019s name or email address, and the body of the message is formatted to appear as if they are from a legitimate source.<\/p>\n

A spoofed message can appear to be sent from a coworker, a bank, a family member, or any number of seemingly trustworthy sources. A good spoof is quite convincing and will look like any other email that you would normally receive. This is why email phishing remains one of the leading causes of business email compromises along with social engineering attacks.<\/p>\n

\"suspicious<\/p>\n

\n\t\t\t\t\t
Warning: If you suspect you have received a fraudulent message DO NOT click any link in the message or enter any information that is requested.<\/div><\/div>\n

What are the reasons why people spoof email?<\/h3>\n

An email is usually spoofed as part of a phishing attack or spear-phishing campaign targeted towards specific employees of an organization.<\/p>\n

A spoofed email may also be used to dishonestly market an online service or sell you a product that turns out not to be real. The goal of the email is to trick the recipient into making a damaging statement or releasing sensitive information, such as a password through malicious links. If for example, you’re receiving bounced emails returned to you for messages that you did not send, this could be the result of a spoofing attack on your email service.<\/p>\n

How to Identify a spoofed message<\/b><\/h3>\n

It is imperative that all email users understand that emails that appear to be sent from colleagues or friends can possibly be forged emails. This is the case when scammers will alter different sections of an email to disguise who the actual<\/em> sender of the message is.<\/p>\n

\"Sender<\/p>\n

When a user receives an email, they may be able to recognize an email spoofing attempt by hovering over the sender’s email address to see it in fact the expected email address. With some devices or email clients, this level of diligence may not be sufficient to view sender addresses and it will be necessary to open the email headers<\/strong><\/a> of a message to view data on email protocols and\u00a0email authentication via simple mail transfer protocol (SMTP).<\/span><\/span><\/p>\n

Examples of properties with the email that are spoofed:<\/p>\n

FROM<\/strong> boss@companyexample.com <\/a>(This will appear to come from a legitimate source on any spoofed message and may make it through spam filters on the receiving server)<\/p>\n

REPLY-TO<\/strong> This can also be spoofed, but a lazy scammer will leave the actual REPLY-TO<\/strong> address. If you see a different sending address here, the email may have been spoofed.<\/p>\n

RETURN-PATH<\/strong> This can also be spoofed, but a lazy scammer will leave the actual RETURN-PATH<\/strong> address. If you see a different sending address here, the email may have been spoofed.<\/p>\n

SOURCE IP<\/strong> address or \u201cX-ORIGIN\u201d address. This is typically more difficult to alter but it is possible to alter the IP of the mail server to another internet service<\/span>.<\/p>\n

These first three properties can be easily altered by using settings in your Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth property above, IP address, can also be altered, but usually requires more sophisticated user knowledge to make a false IP address convincing on a SMTP server (simple mail transfer protocol).<\/p>\n

\"Email<\/p>\n

 <\/p>\n

In this example, it appears that the recipient has received a message from their office assistant, requesting money. The subject<\/strong> line should alert you immediately that it is in fact a spam email. This user should contact their assistant through another form of communication to confirm that they did not send this message. Next, you will want to discover who actually sent the message by opening the message headers.<\/p>\n

\"Pointing<\/p>\n

 <\/p>\n

From:<\/strong> field shows the message being sent from “Assistant” assistant@yourdomainexample.com<\/a><\/strong>. However, we can also see that the<\/p>\n

REPLY-TO:<\/strong> field lists spoofer@scam.com<\/a><\/em>. That is a clear cut example of a spoofed message. You will want to Blocklist any address you find in the<\/p>\n

REPLAY<\/b> RETURN-PATH<\/strong>, and SOURCE IP<\/strong> field that is not an address\/IP you normally receive mail from. For more information on viewing and understanding email headers, please see View email headers in Webmail.<\/a><\/p>\n

How to fight email spoofing<\/h3>\n

Even with strong email security, the first line of defense against this abuse is user education, If a user receives a spoofed message, please advise them to do the following.<\/p>\n