The world's premier anti internet scam, anti fraud information blog


Spoofed! When Good Email Goes Bad


How Spammers Spoof Your Email and What You Can Do

How they do it
You just received an email from Jim down the corridor telling you to check out some cool link that he found, yet you don’t really know Jim and why is he sending you funny emails now. This is obviously a spam email, but how did they do it? Should you tell Jim that he had his email hacked?

Email spoofing has been around since the early 2000’s, and though there have been measures put in place to make it harder to do, the basic principle is still the same. The spammer wants you to click on some malicious link or open an infected attachment. So they make it look like it was sent from an email address that you would trust. Originally spammers would steal contact lists from malware-infected PC’s, but nowadays doxing is the preferred source of information. Doxing means searching for information on someone using their social media and other websites they might have used.

Once the spammer has an email address they believe you will trust, they simply need to set up an email server (anyone can easily do this) and use one of the many mailing software packages which allow you to spoof, also incredibly easy to obtain. They can then compose the email, input the spoofed email address, and the job is done. You will receive an email that looks like it is from a trusted email address, but it actually isn’t.

What you can do
Before the email even reaches your inbox, it is normally checked by your email provider, this is done by checking it against the DMARC (Domain-based Message Authentication, Reporting and Conformance) records connected to the email address used. Most big email providers, such as Google, Yahoo and Hotmail, use DMARC and it is very proficient at cutting out the spam. As well as once it catches a spam email, it can quickly block the server sending the emails to prevent other users from being spammed.

But what if your email provider doesn’t use DMARC, or the email manages to get through the filters?
Then there are few extra precautions you can take. Firstly, strengthening your spam filters is a great idea, generally spam filters are well set up, but the default settings are meant to work for everyone, so they may not be in the best configuration for your email requirements. Browse through the settings and personalize them to suit your habits and security needs.

You can also be an active investigator of your spam. If something looks a bit fishy to you, then you can check it out, by checking the IP address of the sender. Spoofing an email address is a lot easier than spoofing your IP, so most spammers won’t change theirs. To check the IP address, there is an option normally to view the original message, which will contain the IP address. You can then check it against previous emails from the real person, or you can simply have a look at the geolocation of the IP address. If the email is from Jim down the hall, then he definitely didn’t send it while in Lagos.

Finally, and this cannot be stated enough. Don’t click suspicious links or open suspicious attachments. If it’s a link, rather go directly to website by typing it into your browser. If it’s an attachment, simply reply asking them to send another email. Your reply goes to the actual email address instead of the spammer and they can verify it for you.