What is it?
"Spoofing" in this context refers to the act of someone sending an email that looks
like it comes from an email address other than the one they sent it from. There are
various types of spoofed email, and not all of them are harmful, but we'll only be
looking at the malicious ones. When a scammer sends a spoofed email, they want you
to believe the email is from a legitimate source so you'll be more likely to interact
with it. The from address of a spoofed email can be set to any email address the scammer
desires, even your own email address if the scammer wants to make it look like they
sent you an email from your own account. Other times the scammer might make it look
like it comes from a coworker, a higher-up, the generic email account of an accredited
business, and so on.
Tips for identifying spoofed emails:
- Often the wording of a spoofed email, or the topic being discussed, doesn't match up
with who appears to have sent it. This is a sign of a spoofed email, and you should be
cautious if something seems unusual.
- When you look at the from address and the name associated with it, check for misspellings
or other irregularities that would indicate that it's spoofed. Sometimes the scammer doesn't know the exact email address they want to spoof, so
they have to make one up.
- Spoofed emails will often have a sense of urgency associated with them. This is a
tactic used to get you to interact with the email without thinking about it too much.
- If you're unsure whether or not an email is spoofed, you should try contacting the
person you think you're emailing outside of email, such as by calling them. This way
the person you contact can verify whether or not it's them emailing you.
- If you're going to respond to a potentially spoofed email, before you send your email you should delete the 'to' address and type out the address
you want your email to go to in order to ensure that it goes where you want it to.
- If you happen to receive an email that appears to have been sent from your account
to your account, and the email makes a claim that you've been hacked, an easy way
to prove they didn't hack your account is to check your sent folder to see if the
email is there, which it shouldn't be.
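
Several of the tips above come down to comparing a few message headers, which can be checked automatically. The following is an added example, not part of the original page; it assumes the reply destination is carried in the Reply-To header, and the function name, contact list and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed address book: display name (lowercase) -> the address you know is theirs.
KNOWN_CONTACTS = {"pat lee": "pat.lee@example.com"}

def spoof_indicators(raw, known_contacts=KNOWN_CONTACTS):
    """Return indicator codes for one raw message (headers + body)."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    to_addrs = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}

    found = []
    # Familiar name, but the address is not the one on file (misspelled or made up).
    expected = known_contacts.get(name.strip().lower())
    if expected and expected.lower() != from_addr:
        found.append("name_address_mismatch")
    # A reply would be sent somewhere other than the apparent sender.
    if reply_addr and reply_addr != from_addr:
        found.append("reply_to_differs")
    # Message claims to be sent from the recipient's own account.
    if from_addr and from_addr in to_addrs:
        found.append("from_is_recipient")
    return found

# Constructed sample messages (not real mail).
LOOKALIKE = ('From: "Pat Lee" <pat.1ee@example.com>\n'
             "Reply-To: accounts@example.org\n"
             "To: you@example.com\n"
             "Subject: Urgent request\n\nPlease respond right away.\n")
SELF_SENT = ("From: you@example.com\nTo: you@example.com\n"
             "Subject: Your account was hacked\n\nPay now.\n")
GENUINE = ('From: "Pat Lee" <pat.lee@example.com>\nTo: you@example.com\n'
           "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("self-sent", SELF_SENT),
                       ("genuine", GENUINE)]:
        print(label, spoof_indicators(raw))
```

An empty result only means none of these three checks fired; it does not confirm the sender, so verifying outside of email still applies.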