A brief overview of email spoofing
Email spoofing is the process used by scammers to masquerade as someone else. It makes the email look as if it was sent by a legitimate source or contact. This scam can be used to make their emails appear as if from official sources. The common ones we have see are HMRC, Amazon, BT, MSN or mobile phone providers. Furthermore they can appear as if from everyday contacts such as clients, friends or family. Anyone that you may be in regular communications with. It’s the digital equivalent of having your signature forged. Somebody may pretend to be you and then email all your contacts with dodgy links or malicious files.
Email spoofing is possible because Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication.
The key thing to note here is that whilst an email may look like it’s been sent by a certain person it doesn’t necessarily mean they’ve been hacked and the scammer has access to their account. They are mimicking the account using the name and sender details. The email in question is made to fool you into thinking or assuming it’s from someone you know. The key reason for spoofing is to trick people into downloading files that contain trackers, visit or access suspicious URLs or to gain personal login data.
With the increase in spam, scams and other nasty stuff, mail security and deliverability improvements follow. Most spoofed emails will not reach their intended target with these in place. But don’t be too complacent, it’s always good to be on guard, keep reading for the prevention measures!
I’ve downloaded a file from a spoofed email – now what?
If you inadvertently downloaded a file from a spoofed email (before realising this was spoofed) then you’ll need to run some checks. We’d advise you to run a Malware scan on your device immediately to detect any suspicious files. After you’ve removed and isolated the suspicious files in question we’d suggest changing your passwords on any affected email account. Also notify your email hosting provider of the issues you’re facing. This will allow the host to investigate their email security further and address any potential exploits.
How can I prevent email spoofing?
One of the main things you can do to help protect yourself is to ensure that your domain has the correct security requirements applied to it. By ensuring SPF, DKIM and DMARC are correctly configured for your domain settings you should be relatively safe from email spoofing. Below is an outline of what SPF, DKIM and DMARC mean:
SPF (Sender Policy Framework)
This is an email-authentication process which is used to stop spammers and hackers from sending messages on behalf of your domain.
DKIM (Domain Key Identified Mail)
This is a feature that helps protect email senders and recipients from spam and spoofing. It is a form of email authentication that allows a company to claim responsibility for an email that can be validated by the recipient.
DMARC (Domain-Based Message Authentication, Reporting, and Conformance)
Used to authenticate an email by aligning SPF and DKIM records. It can prevent spam, phishing and spoofing emails.
Is there anything else I can do?
Further to having the above rules in place, be alert and vigilant when reading emails. It’s easy to get bogged down with all the emails in your inbox from day to day. Especially in a busy working week! But take the time to read each one properly, even if it claims it’s from someone you know. If you suspect an email sounds odd, such as being out of context, poorly worded or contains poor spelling and grammar then this is a red flag. Keep an eye out and check thoroughly before clicking any links or downloading anything from the email.
When you receive an email that you believe is likely spoofed, click on the Senders name in your email client. While the name may be legitimate such as Barclays, Amazon or Susan from accounting – the email address will likely tell another story. For example, if you see an email that presents as being from an official source but the email address it came from is Gmail then this is a huge red flag. This would be the confirmation needed that the email in question is not legitimate. We’ve seen emails that look as if they are from HMRC, very official with all the logos and headings to match. However the email address its come from is finance@hmrc.h.gov.uk. Notice the extra ‘h’ in there which can be very easily overlooked.
Delete, delete, delete!
When you have confirmed the email is spoofed or a scam, do NOT click any links within the email and delete it from your mail system immediately. Those SPF, DKIM and DMARC records are very important. With those in place the chances of you being spoofed are reduced almost completely as long as they are setup correctly. Notify the person who the email is pretending to be so they are aware their email account is being targeted.
We hope you’ve found this article helpful and given you awareness as to what a spoofed email is and the best practices in dealing with this nuisance. If you do have any questions or queries in relation to anything in this article, please don’t hesitate to get in touch and we’ll see how we can help.