How to recognize and avoid email spoofing scams
Learn our top tips to protect yourself from this common type of email scam
The threat of cybercriminals has made internet users increasingly wary of scams that attack their devices and private information. While many are familiar with ‘phishing’ scams, another tactic used by hackers known as email spoofing poses an equally dangerous threat.
What is email spoofing?
Email spoofing occurs when a cybercriminal sends an email that looks like it comes from someone else. The goal of the cybercriminals who use email spoofing is to trick you into making a money transfer, revealing sensitive data, or clicking a suspect link that installs malicious software on your device.
There are two main methods of email spoofing utilized by cybercriminals: Display Name Spoofing and Email Address Spoofing.
For example, let’s say Jane Doe’s actual email address is <firstname.lastname@example.org> and a few of her contacts have received spoofed emails from her in the past week.
- Display Name Spoofing: Jane’s name is spoofed, but not the email address Jane Doe <email@example.com>
- Email Address Spoofing: Jane’s name and email address are spoofed in a recipient’s message so the sender appears to be: Jane Doe <firstname.lastname@example.org>
To make the scam seem even more genuine, Jane’s signature in the email may also be spoofed. While Jane’s contacts will believe these messages are from her, in reality they are from cybercriminals seeking to scam them for money or data. The scammers may also contact complete strangers in an attempt to trick them, too.
How to recognize email spoofing
- An unusual request from a person or organization that you’re already familiar with.
- An email from a person or organization that you weren’t expecting, asking you to click a link or similar.
- Use of poor language, grammar, or punctuation.
- Language that encourages you to act fast.
How to combat email spoofing
- If there is a link or download available in an email you weren’t expecting to receive, do not click on it. Often, these links will install viruses or ransomware onto your computer.
- If you’re unsure if the message is from a legitimate business, don’t reply to the email. Instead, independently search online for the company and contact them directly to ask.
- Consider implementing DNS records to combat email spoofing of your company’s domain. Adding SPF, DKIM and DMARC to your business’s domain name record can help block spoofed emails from coming into your organization. An experienced IT company will be able to help you with this.
While there may be no way to completely prevent email spoofing, there are many tactics that you can use to identify and avoid them. It’s important to utilize these tactics in both a personal and professional setting to avoid being scammed.
Looking for help with your company’s cyber security?
If you’re interested in learning more about how to protect your business from scams, we offer a range of comprehensive cyber security and compliance packages that can be uniquely tailored to fit your business’s needs.
Visit our IT Security Packages page to learn more.