What is email spoofing?
Email spoofing is something which is becoming more common when hackers are conducting a phishing or scamming campaign. It is the forgery of an email header so that the email appears to be from someone or somewhere else. This is an effective way of enticing the recipient of opening the email as it looks like it has come from a legitimate source. The goal of the hacker is usually to get the user to take action i.e. open an attachment, click on a link or if a hacker is being more targeted; asks the user to make a transaction.
What does a spoofing email look like?
Below is an example of a spoofing email. You will note that the header has a recognised name but the actual email address which it has been sent from is random and does not look legitimate.
How to identify a spoofing email?
There are some key factors to watch out for when looking for a spoof email:
- Check the actual email address which the email has been sent from and if it does not match the senders name it may be a spoof email.
- If you notice the spelling and grammar in an email is very inconsistent this is often a sign of a spoof email.
- The email content will usually be asking you to take an action i.e. click on a link or open an attachment. If this is unusual for the sender you should be alerted by this. Another way to check if a link is legitimate is if you hover over the link the URL should display. If you do not recognise the URL do not click on the link.
What to do if you receive a spoofing email?
If you receive a spoofing email do not click on any links or open any attachments accompanying the email. Delete the email immediately and contact Portal Technologies to ensure your systems are still safe and secure. The main thing to remember about spoofing emails is that they play a larger part of the campaign. Hackers are now using social engineering to attack businesses which means the attacks are more targeted at individuals using personal details to engage trust with the user.