I’ve been getting a ton of spoofed emails over the past year, so I decided to investigate.
According to glockapps.com, email spoofing and phishing increased by 220% in 2021. Basically, cyber-criminals are taking advantage of opportunities to spoof emails and phish for valuable information and credentials.
It turns out that spoofing an email is relatively easy to do. To perform an email spoofing attack, the malicious sender simply has to take advantage of SMTP (Simple Mail Transfer Protocol), which isn’t hard because it was created without any security precautions: it does not verify the sender address that a message claims. By reconfiguring the mail application or service, an attacker can send an email on behalf of anyone. Let’s just say that it is now possible to send thousands of fake messages that appear to come from an authentic email domain!
Usually, spoofers take advantage of the email header components: “From” field, “Return-path”, and “Reply-to”. So, you may get an email that looks like it came from your own email address, from your own domain, or a domain that you would normally trust. Or it may just look like it came from a trusted sender. Here are some examples:
What is Email Spoofing?
Email spoofing attacks occur when a cybercriminal attempts to commit email fraud by forging someone else’s identity via email. Then, they use that forged sender address to try to convince a recipient to perform some action so that they can gain access to that recipient’s personal and private information. Usually, spoofers pretend to be a person or an organization that the recipient would trust.
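The header fields named above (“From”, “Return-path”, “Reply-to”) can be checked against each other to spot a forged sender. The following Python script is an added example, not part of the original article: it uses a constructed sample message with placeholder example.com addresses, and it goes one step beyond the article by also reading the Authentication-Results header that receiving mail servers add.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not a real email): the From line claims the
# recipient's own domain, while Return-Path and Reply-To point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Mail Admin" <admin@example.com>
Reply-To: support@helpdesk.example.org
To: owner@example.com
Subject: Your account will be deleted

Click the link to keep your mailbox.
"""

def domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """List the reasons a message's headers look forged (empty list if none)."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # The visible From domain should normally match the bounce and reply domains.
    for field in ("Return-Path", "Reply-To"):
        other = domain(msg[field])
        if other and other != from_dom:
            findings.append(f"{field} domain {other} differs from From domain {from_dom}")
    # Verdicts the receiving server recorded, e.g. "dmarc=fail".
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
        if verdict in ("fail", "softfail"):
            findings.append(f"{check} result is {verdict}")
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print("WARNING:", line)
```

A domain mismatch is an indicator rather than proof, since legitimate newsletters sent through a mailing service often have a different Return-Path domain; a mismatch combined with a failed authentication verdict is the stronger signal.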
Beware of Phishing!
Email spoofing turns into a phishing attack when the hacker embeds malicious links in the spoofed email or adds an attachment that can install malware onto the recipient’s computer. What should you do if you get a spoofed email? My advice is to do nothing. If you get such an email, the best thing to do is simply trash it. Do not click on ANY link, including the unsubscribe link. Changing your email login credentials such as your password will likely not have any effect on these, because they are not logging into your email to create the spoof. Just delete and ignore.
Here are some actual examples of emails that I have received over the past several months. Obviously, these are screen captures and I didn’t click on them (but you can click on the image to enlarge it).
These all look pretty realistic and might tempt you to click on them. But, as scary as this might be, what is even scarier is when the spoofed email tells you that your email account is about to be deleted for some reason (and these emails come from your own domain!). I know these are not real, because I control my own email accounts, but the average website owner may not know that these are spoofs. Be very careful with these types of emails – if in doubt, call me first!
Funny, I don’t even use Outlook! Here are more…
These types of emails can wreak havoc on your business and your personal life. I talk about them, and what you can do to protect yourself, in more detail in my book, “Cyber Wars”. Here are the basics:
- Use strong security software such as iolo
- Keep your computer (and phone) software updated
- Enable multi-factor authentication on your accounts
- Keep all your data backed up to the cloud and to an external hard drive
- Use strong passwords that you update as needed
- Train your employees to be aware of social engineering tactics
- NEVER click on a link from a suspicious email, even to unsubscribe
- Call your webmaster or the sender if in doubt
If you found this information helpful, please leave us a positive review at https://webstoresltd.com/google, and share this article with a friend!