What Is Email Spoofing? How Scammers Forge Fake Emails
Whatsapp Pinterest

What can you do if someone is using your personal email address? If your family and friends get suspicious mails from your address, you might think you’ve been hacked. Similarly, if you get spam from someone you know, has their system been compromised?

This is a process called email spoofing. It’s surprisingly simple to do and incredibly common.

What Is Email Spoofing?

Email contact form

Your immediate concern is, of course, that you’ve become a victim of cybercriminals. However, this often isn’t the case; instead, someone is faking your email address.

All emails come with details of the recipient and the sender, and the latter can be spoofed (which simply means it’s an imitation address).

So why have you received an email seemingly from yourself? There are a few possibilities.

The first instance is when a message can’t be delivered, so is “returned” to the address in the sender field. This will seem especially odd if you didn’t send that message. At least you now know that someone is faking your address.

Scammers can learn of your address through numerous methods, including social media accounts and mutual contacts. It could also be that your email address is in the public domain anyway; if you’re a business or have a newsletter, for instance, your address will probably be publicized. This makes life a lot easier for scammers looking to spoof emails.

Many of us send ourselves important documents and images through email as a means to back them up. This is a simple way of keeping your vital files accessible wherever you are, without the need for cloud computing 6 Reasons to Avoid Cloud Services and Keep Your Feet on the Ground 6 Reasons to Avoid Cloud Services and Keep Your Feet on the Ground Thanks to services like Dropbox and Google Drive, we're giving up a lot more than we're getting when we use cloud storage. Here's a look at why you should be worried. Read More .

Cybercriminals see this as an opportunity: an email from yourself or another contact may sufficiently pique your curiosity and you’ll click on the enclosed link.

And we all know not to trust links in emails, right? This is how viruses spread and gain private data about users. It’s one way scammers can get past whatever security measures you’ve taken. By clicking a link, you’re essentially accepting a download of any software enclosed, which bypasses even the sandboxing process your browser uses What Is the Most Secure Mainstream Browser? What Is the Most Secure Mainstream Browser? The battle for the best desktop browser will never be settled. But which is the most secure? All boast having superior protection -- but in 2017, which is the browser of choice for the security-... Read More to keep your device safe.

How Are Email Addresses Spoofed?

Sending a new email message
Image Credit: Aaron Escobar/Flickr

So how does it work? How can you spoof, and subsequently spam, an email address?

All a scammer needs is a Simple Mail Transfer Protocol (SMTP) server—that is, a server that can send emails—and the right mailing equipment. This could simply be Microsoft Office Outlook.

You need to provide a display name, email address, and login information: basically, a username and password. The latter lets you into your own email account, but your displayed name and email address can actually be whatever you like.

Code libraries like PHPMailer streamline the process; you simply have to fill out the “From” field, write your message, and add in the recipient’s address.

We don’t advise you do this, obviously, because, depending on your jurisdiction, it’s illegal.

Most email clients don’t support the practice. They typically ask you to verify that you can log into the address you’re pretending to send messages from.

There are ways around this, but scammers bypass it using “botnets” as mail servers Is Your PC A Zombie? And What's a Zombie Computer, Anyway? [MakeUseOf Explains] Is Your PC A Zombie? And What's a Zombie Computer, Anyway? [MakeUseOf Explains] Have you ever wondered where all of the Internet spam comes from? You probably receive hundreds of spam-filtered junk emails every day. Does that mean there are hundreds and thousands of people out there, sitting... Read More . A botnet is a system of infected computers, acting generally without the users’ knowledge to forward viruses, spam, and worms to other devices.

Why Did Strangers Get Emails From Me?

In rare cases, you might get an angry message from a stranger who claims you sent them a virus. Yep, this is due to email spoofing.

When one machine is compromised, malicious software scours the address book and sends malicious software to contacts using that email client. These often claim to be from a friend of the infected computer’s user.

You don’t even need to know this person—their name is being used solely because you have a mutual contact!

A virus’ modus operandi is to prosper. They spread and infect as many machines as possible to gain as much personal information, and therefore influence, as they can. Most notably, this is through malware installed on a device through subterfuge, like a Trojan horse which purports to be something useful while hoovering up your data.

If you get a message from an irate stranger, explain that this isn’t your fault. Maybe forward them onto this page so they’re aware of what can be done. You could then try to isolate which contact you’ve got in common, so you can alert them that their system has been compromised. That’s a bit of a needle in a haystack, however…

What to Do If You Get a Suspicious Email

If there’s a link in the email, do not click it. Similarly, don’t download any attachments unless you know they’re genuine. It doesn’t matter if it comes from someone you think you can trust or not.

Read up on spotting a fake email 5 Examples To Help You Spot A Fraud Or Fake Email 5 Examples To Help You Spot A Fraud Or Fake Email The shift from spam to phishing attacks is noticeable, and is on the rise. If there's a single mantra to keep in mind, it's this -- the number one defense against phishing is awareness. Read More , and don’t ignore basic practices 7 Important Email Security Tips You Should Know About 7 Important Email Security Tips You Should Know About Internet security is a topic that we all know to be important, but it often sits way back in the recesses of our minds, fooling ourselves into believing that "it won’t happen to me". Whether... Read More if the email is supposedly from someone you know. We tend to be immediately skeptical of out-of-the-blue mails from our own address, but not of unsolicited messages from friends.

Then again, the fact that you know the sender should give you an advantage. You know if they’re likely to send a link on its own with no other text around it; whether their messages are long and rambling; or whether they always make spelling mistakes.

If nothing’s immediately obvious, check through previous emails and note patterns. Do they have a signature that comes through on all their messages? Do they normally send emails via their phone, and so have “Sent from my iPhone”, for example, at the bottom?

If you’re still not sure, simply ask the supposed sender.

What to Do If Someone Is Using Your Email Address

Laptop keyboard
Image Credit: Sarah Deer/Flickr

We always advise you not to click on anything you think might be malicious. Certainly don’t click on anything if the email appears to be from your own address and you don’t recall sending it.

If the message claims to be from you, check your Sent folder. If it’s there, but you didn’t send it, your account has likely been compromised. Equally, if you look on Gmail, you can see “Last Account Activity”, which might give you an indication about whether someone else is logging into your account.

You must change your password straight away. Check out these tips for creating a stronger password 7 Ways To Make Up Passwords That Are Both Secure & Memorable 7 Ways To Make Up Passwords That Are Both Secure & Memorable Having a different password for each service is a must in today's online world, but there's a terrible weakness to randomly generated passwords: it's impossible to remember them all. But how can you possibly remember... Read More .

Unfortunately, there’s very little you can do about spoofing, apart from become more savvy about spam.

But you need not feel entirely useless because you might be able to ascertain the Internet Protocol (IP) address from an email. You can trace the origin of email by learning to open headers and finding the IP address. This might look intimidating, but from there, you can then trace that to a PC How to Trace an IP Address to a PC & How to Find Your Own How to Trace an IP Address to a PC & How to Find Your Own Want to see the IP address of your computer? Perhaps you want to discover where another computer is situated? Various free tools are available that tell you more about a computer an its IP address. Read More .

How Else Can You Protect Yourself?

It can be a frustrating situation to find yourself in, but fortunately, more people recognize email spoofing as a scam, immediately sending such items to the trash.

They do serve as a timely reminder that we always need to keep every aspect of our online lives secure—that means social media feeds, your browsers, and your email accounts. You can at least switch to an encrypted provider The 3 Most Secure & Encrypted Email Providers Online The 3 Most Secure & Encrypted Email Providers Online Fed up with government surveillance? Concerned your emails might be read by third parties? If so, it's worth looking at an encrypted email solution to protect your messages. Read More that knows the importance of privacy.

Image Credit: cienpies/Depositphotos

Explore more about: Email Tips, Online Security, Phishing, Spam.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *