Common Email Scams: Email Spoofing


Email spoofing is used in phishing attacks and spam to trick recipients into thinking an email came from a legitimate source. The sender forges the message headers, most often the From header, so that the visible sender name or address looks trustworthy. A closer look at the actual address usually reveals something off, such as digits in place of letters, a misspelled domain, or a free webmail address behind a corporate-sounding name.

Addresses and domains that send a lot of spam end up on the blocklists used by many email platforms, so scammers spoof other people's addresses and domains to get past those blocklists.

Email Spoofing As A Threat

Email spoofing is a type of cyber attack in which the sender details shown to the recipient are forged. Spoofed emails rely on human error rather than on a technical exploit: most people trust the display name or a familiar-looking address and never check the underlying headers.

This type of email scam also damages the reputation of the business that owns the impersonated domain. Domain owners should publish and enforce email authentication records so that scammers cannot send mail in their name.

Here are reasons why scammers spoof emails:

  • Pretend to be a trusted person (a friend or co-worker) to get confidential information
  • Identity theft by requesting personal information and then impersonating the victim
  • Spread malware through attachments and links
  • Obtain sensitive data and sell it to third parties
  • Damage the sender or brand’s reputation

 

How to Identify Email Spoofing

Most email spoofing attempts are part of phishing attacks, which is why these scams typically pose as known brands and corporations. There are several spoofing techniques, and each leaves different traces that you should learn to identify.

Display Name

In this type of spoofing, the sender creates a new mailbox, often on a free webmail service, and sets its display name to the real name of the person being impersonated. Mobile email apps usually show only the display name because of space limits, so the trick is easy to miss. Open the sender details or the raw From header and you will see the actual address, which belongs to a different domain. A variant puts a legitimate-looking address inside the display name itself, for example "ceo@example.com" <random@freemail.example>, so that the real address is pushed out of view.

Legitimate Domains

Domain spoofing, which uses the organization's real domain in the From address, is very common and is often used to impersonate an employee of the brand or business. No special skills are needed because the criminal does not have to compromise anyone's account: the Simple Mail Transfer Protocol (SMTP) does not verify that the From, Reply-To, and Return-Path headers match the account that is actually sending the message, so any mail server or client that lets the sender set those headers will relay a message claiming to come from the target's domain. Unless the domain owner has published SPF, DKIM, and DMARC records and the receiving server enforces them, the forgery is not detected.
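The header checks described in the two sections above, display-name spoofing and exact-domain spoofing, can be automated. The script below is an added example written for this page, not code from the original article or from any vendor; it uses only the Python standard library. The contact table, the finding codes, and the three sample messages are constructed for the example (the .example domains are reserved for documentation), and a foreign Return-Path is reported as something to look at, not as proof of spoofing, since mailing lists and bulk senders use one legitimately.

```python
"""Inspect sender headers of a raw message for the display-name and domain
mismatches described above.  Added example, not code from the original page."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed table of people whose names are likely to be impersonated
# (assumption: a real deployment would use the address book or directory).
KNOWN_CONTACTS = {"jane doe": "example.com"}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def analyze_headers(raw: bytes) -> dict:
    """Parse From, Reply-To and Return-Path and return the sender fields plus a
    list of finding codes.  A non-empty list means 'look closer', not proof of
    spoofing: mailing lists and bulk senders legitimately use a foreign Return-Path."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_domain = domain_of(from_addr)
    findings = []

    # Display-name spoofing, variant 1: the name is itself an address that
    # differs from the real one, e.g. "ceo@example.com" <x@freemail.example>.
    if "@" in display_name and display_name.lower() != from_addr.lower():
        findings.append("display-name-embeds-other-address")

    # Display-name spoofing, variant 2: a known person's name on an address
    # that is not in that person's domain.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected and from_domain != expected:
        findings.append("known-name-foreign-domain")

    # Reply-To pointing elsewhere: replies (and any data in them) go to the scammer.
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-domain-mismatch")

    # Envelope sender (Return-Path) outside the From domain: typical of a
    # forged From header sent through an unrelated SMTP server.
    if return_path and domain_of(return_path) != from_domain:
        findings.append("return-path-domain-mismatch")

    return {"display_name": display_name, "from": from_addr, "reply_to": reply_to,
            "return_path": return_path, "findings": findings}


# Constructed sample messages (not real traffic).
DISPLAY_NAME_SPOOF = b"""Return-Path: <mallory@freemail.example>
From: "jane.doe@example.com" <mallory@freemail.example>
To: victim@example.com
Subject: Urgent: wire transfer

Please handle this today.
"""

EXACT_DOMAIN_SPOOF = b"""Return-Path: <bounce@attacker.example>
From: Jane Doe <jane.doe@example.com>
Reply-To: <jane.doe@attacker.example>
To: victim@example.com
Subject: Updated bank details

Our account number has changed, see attached.
"""

LEGITIMATE = b"""Return-Path: <jane.doe@example.com>
From: Jane Doe <jane.doe@example.com>
To: victim@example.com
Subject: Lunch?

Noon works for me.
"""

if __name__ == "__main__":
    for label, raw in [("display-name spoof", DISPLAY_NAME_SPOOF),
                       ("exact-domain spoof", EXACT_DOMAIN_SPOOF),
                       ("legitimate", LEGITIMATE)]:
        print(label, analyze_headers(raw))
```

Run it on a message saved as raw source (most mail clients offer "show original" or "view source"); the interesting part is the findings list, which is empty for the legitimate sample and non-empty for both spoofed ones.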

Lookalike Domains

Domains protected by enforced SPF, DKIM, and DMARC records are not easily spoofed outright, so scammers resort to lookalike domains instead. They register a domain that resembles the real one, for example with a misspelling, a swapped letter, a digit in place of a letter, a Unicode character that looks like a Latin one, or the brand name combined with an extra word, and send from that. Because the scammer owns the lookalike domain, mail from it can pass SPF, DKIM, and DMARC, so the only defense is noticing that the domain is not the real one. The trick works because most people do not check the address unless the contents already seem dodgy.
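The lookalike patterns listed above (digit-for-letter swaps, Unicode confusables, transposed letters, and the brand name reused in an unrelated domain) can be caught by comparing a sender domain against the domains you actually trust. The following is an added example for this page, not code from the article; the trusted-domain list, the confusables table (a small hand-made subset of the Unicode confusables data), and the rule that the last two labels form the registrable domain are all assumptions made for the example.

```python
"""Classify a sender domain against trusted domains to catch the lookalike
tricks described above.  Added example, not code from the original page."""
import unicodedata

# Constructed list of the domains we consider genuine (assumption).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Hand-made table of characters commonly swapped for lookalikes (assumption;
# the full Unicode confusables list is far larger).  The \u04xx entries are
# Cyrillic a, e, o, p, c, x, y, i, s, j; \u0131 is dotless i.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
               "|": "l", "!": "i", "\u0131": "i",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0458": "j"}
MULTI_CHAR = {"rn": "m", "vv": "w", "cl": "d"}


def skeleton(domain: str) -> str:
    """Fold lookalike characters to the ASCII letter they imitate so that
    visually similar domains compare equal.  Punycode (xn--) labels are decoded first."""
    d = domain.lower().rstrip(".")
    try:
        d = d.encode("ascii").decode("idna")     # xn--... back to Unicode
    except UnicodeError:
        pass                                      # already contains non-ASCII
    d = "".join(c for c in unicodedata.normalize("NFKD", d)
                if not unicodedata.combining(c))  # strip accents, fold full-width
    d = "".join(CONFUSABLES.get(c, c) for c in d)
    for seq, rep in MULTI_CHAR.items():
        d = d.replace(seq, rep)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), used to catch typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str):
    """Return (verdict, trusted_domain_matched).  Verdicts in order of
    precedence: trusted, homoglyph, typo, brand-reused, unrelated."""
    raw = domain.lower().rstrip(".")
    if raw in TRUSTED_DOMAINS:
        return ("trusted", raw)
    sk = skeleton(raw)
    labels = raw.split(".")
    registrable = ".".join(labels[-2:])         # assumption: no Public Suffix List
    brand_parts = raw.replace("-", ".").split(".")[:-1]   # labels minus the TLD
    for trusted in sorted(TRUSTED_DOMAINS):
        tsk = skeleton(trusted)
        if sk == tsk:
            return ("homoglyph", trusted)        # looks identical, is not
        if 0 < levenshtein(skeleton(registrable), tsk) <= 2:
            return ("typo", trusted)             # exmaple.com, examlpe.com
        if trusted.split(".")[0] in brand_parts and registrable != trusted:
            return ("brand-reused", trusted)     # secure-example.com, example.com.login.test
    return ("unrelated", None)


if __name__ == "__main__":
    for d in ["example.com", "examp1e.com", "ex\u0430mple.com", "exmaple.com",
              "secure-example.com", "example.com.secure-login.test", "unrelated.test"]:
        print(d, "->", classify(d))
```

The skeleton comparison is what defeats the Unicode and digit substitutions; the edit-distance rule catches transpositions and single wrong letters; the brand-reuse rule catches the "real brand name, wrong registrable domain" pattern. Thresholds this loose will produce false positives on very short domain names, so in practice the verdict should feed a warning banner or a review queue rather than an automatic block.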

How to Stop Email Spoofing Attacks

Everyone should make it a habit to check the actual sender address, not just the display name, before clicking anything in an email. Organizations can also strengthen their email security against spoofing in the following ways.

Email Security Protocols

Use domain authentication to reduce spam and spoofing. With Sender Policy Framework (SPF), a domain owner publishes a DNS TXT record listing the mail servers allowed to send for that domain, and a receiving server checks the connecting server's IP address against it. SPF evaluates the envelope sender (the Return-Path, or MAIL FROM, address), not the From header the recipient sees, so on its own it does not stop a forged From. DomainKeys Identified Mail (DKIM) adds a cryptographic signature, and Domain-based Message Authentication, Reporting, and Conformance (DMARC) ties both checks to the From domain, tells receivers what to do with mail that fails (monitor, quarantine, or reject), and asks them to send reports to the domain owner.
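To make the SPF-versus-From distinction concrete, here is an added example (written for this page, not code from the article or any mail software) that evaluates an SPF record for the envelope domain and then applies DMARC alignment to the From domain. The DNS records live in an in-memory table standing in for real TXT lookups; the domains, IP addresses (from the RFC 5737 and RFC 3849 documentation ranges), and policy values are constructed. The DKIM verification result is taken as an input, because checking the signature itself needs the public key and RSA, and the organizational domain is approximated by the last two labels rather than the Public Suffix List.

```python
"""Evaluate SPF for the envelope sender and apply DMARC alignment to the From
domain, using a constructed in-memory DNS table.  Added example, not code
from the original page."""
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: real code queries DNS).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s; adkim=r",
    # The scammer's own domain, with a perfectly valid SPF record for their server.
    "attacker.example": "v=spf1 ip4:192.0.2.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip: str, domain: str, depth: int = 0) -> str:
    """SPF result for mail from `client_ip` claiming the envelope domain `domain`.
    Supports ip4, ip6, include and all; a/mx/ptr/exists (which need further DNS
    lookups) are treated as non-matching here."""
    if depth > 10:                       # RFC 7208 lookup limit
        return "permerror"
    record = DNS_TXT.get(domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"                    # domain publishes nothing: no check possible
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            if check_spf(client_ip, term[8:], depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no explicit 'all'


def org_domain(domain: str) -> str:
    """Organizational domain; assumption: last two labels stand in for the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(candidate: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: 's' requires an exact match, 'r' the same organizational domain."""
    if mode == "s":
        return candidate.lower() == from_domain.lower()
    return org_domain(candidate) == org_domain(from_domain)


def dmarc_policy(from_domain: str):
    """Parsed _dmarc record of the From domain, falling back to its organizational domain."""
    for name in (from_domain.lower(), org_domain(from_domain)):
        txt = DNS_TXT.get("_dmarc." + name, "")
        if txt.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
            if name != from_domain.lower() and "sp" in tags:
                tags["p"] = tags["sp"]   # subdomain policy applies when we fell back
            return tags
    return None


def evaluate(from_domain: str, envelope_domain: str, client_ip: str, dkim=None) -> dict:
    """DMARC verdict for one message.  `dkim` is None or (signing d= domain,
    'pass'|'fail') as reported by a DKIM verifier; signature checking itself
    needs the public key and RSA and is outside this example."""
    policy = dmarc_policy(from_domain)
    spf = check_spf(client_ip, envelope_domain)
    aspf = policy.get("aspf", "r") if policy else "r"
    adkim = policy.get("adkim", "r") if policy else "r"
    spf_aligned = spf == "pass" and aligned(envelope_domain, from_domain, aspf)
    dkim_aligned = bool(dkim) and dkim[1] == "pass" and aligned(dkim[0], from_domain, adkim)
    if policy is None:
        dmarc, action = "none", "accept"       # nothing published: receiver cannot enforce
    elif spf_aligned or dkim_aligned:
        dmarc, action = "pass", "accept"
    else:
        dmarc, action = "fail", policy.get("p", "none")   # p=none means monitor only
    return {"spf": spf, "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "dmarc": dmarc, "action": action}


if __name__ == "__main__":
    # Genuine mail from the domain's own server.
    print(evaluate("example.com", "example.com", "203.0.113.5"))
    # Forged From: SPF passes for the attacker's envelope domain, but it does not
    # align with the From domain, so DMARC fails and p=reject applies.
    print(evaluate("example.com", "attacker.example", "192.0.2.7"))
    # Forwarded mail: SPF breaks, but an aligned DKIM signature still passes DMARC.
    print(evaluate("example.com", "example.com", "192.0.2.7", dkim=("example.com", "pass")))
    # Lookalike domain with no DMARC record: nothing to enforce.
    print(evaluate("examp1e.com", "examp1e.com", "192.0.2.7"))
```

The second scenario is the one the paragraph warns about: the scammer's server passes SPF for a domain they control, and only DMARC's alignment requirement turns that into a rejection. The last scenario shows why lookalike domains survive all three checks: a domain that publishes no policy gives the receiver nothing to enforce.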

Email Signing

DomainKeys Identified Mail (DKIM) is a signing mechanism, not encryption: the message is not hidden, but it is made tamper-evident. The legitimate sending server adds a DKIM-Signature header containing a hash of the message body and a signature, made with the domain's private key, over that hash and selected headers. The matching public key is published in DNS under the signing domain, so the recipient's mail server can verify that the message was sent through that domain's infrastructure and was not modified in transit. DKIM is one of the common protocols organizations use to stop scammers from using their domains, but by itself it only proves which domain signed the message; DMARC is what requires that signing domain to match the From domain the recipient sees.
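The part of DKIM that makes a message tamper-evident is easy to show without any key material: the body hash (the bh= tag) is a SHA-256 over the canonicalized body, and a verifier recomputes it before it bothers with the signature. The code below is an added example for this page, not code from the article or from a DKIM library; it implements the "relaxed" body canonicalization of RFC 6376 and checks bh= on a constructed message. The signing domain, selector, and message content are assumptions, and the b= tag is left empty because producing it requires the domain's RSA private key, which the Python standard library cannot do.

```python
"""Compute and check the DKIM body hash (bh= tag) with the 'relaxed' body
canonicalization of RFC 6376.  Added example; the b= signature needs RSA and
is deliberately left out."""
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4: collapse runs of whitespace to one space, strip
    trailing whitespace on each line, drop empty lines at the end, and end the
    body with CRLF (an empty body canonicalizes to the empty string)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" \t") for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""


def body_hash(body: bytes) -> str:
    """bh= value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def dkim_tags(header_value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header (folding whitespace removed)."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def split_message(raw: bytes):
    """Return (unfolded header text, body bytes); a blank line separates them."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    return re.sub(r"\n[ \t]+", " ", head.decode()), body


def body_hash_matches(raw: bytes) -> bool:
    """True if bh= in the DKIM-Signature header equals the hash of the actual
    body.  A verifier does this before checking b=, because a changed body
    makes the signature worthless anyway."""
    head, body = split_message(raw)
    for line in head.split("\n"):
        if line.lower().startswith("dkim-signature:"):
            return dkim_tags(line.split(":", 1)[1]).get("bh") == body_hash(body)
    return False


# Constructed message content (assumption; not real traffic).
BODY = b"Hi Jane,\n\nPlease pay invoice 1234 via   https://example.com/pay\n\n\n"


def signed_message(body: bytes) -> bytes:
    """Build a message carrying a DKIM-Signature whose bh= covers `body`.
    d= and s= are assumptions; b= stays empty (no private key here)."""
    sig = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
           "h=from:to:subject; bh=" + body_hash(body) + "; b=")
    head = ("DKIM-Signature: " + sig + "\nFrom: Jane Doe <jane.doe@example.com>\n"
            "To: victim@example.com\nSubject: Invoice\n\n")
    return head.encode() + body


MESSAGE = signed_message(BODY)
# Tampered copy: the payment link was swapped after signing.
TAMPERED = MESSAGE.replace(b"example.com/pay", b"attacker.example/pay")
# Copy where only whitespace changed (a relay re-wrapped it): still matches.
REWRAPPED = MESSAGE.replace(b"via   https", b"via https")

if __name__ == "__main__":
    print("original :", body_hash_matches(MESSAGE))
    print("tampered :", body_hash_matches(TAMPERED))
    print("rewrapped:", body_hash_matches(REWRAPPED))
```

The relaxed canonicalization is what lets a signature survive the harmless whitespace changes that relays make while still catching a swapped link; a real verifier then fetches the public key from the selector record in DNS and checks b= over the canonicalized headers listed in h=.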

Email Security Gateway

A Secure Email Gateway adds a layer of filtering in front of the mail server. It enforces policy checks such as SPF, DKIM, and DMARC, blocks or quarantines messages that violate them, and scans all inbound and outbound mail for malware, malicious links, and spam. Many gateways also rewrite or sandbox the URLs in a message, which gives some protection against the web-based threats that phishing emails link to.