Spoofed Emails


What is it?

"Spoofing" in this context refers to someone sending an email that appears to come from an email address other than the one it was actually sent from. There are various types of spoofed email, and not all of them are harmful, but we'll only be looking at the malicious ones. When a scammer sends a spoofed email, they want you to believe the email is from a legitimate source so you'll be more likely to interact with it. The From address of a spoofed email can be set to any email address the scammer desires, even your own email address if the scammer wants to make it look like they sent you an email from your own account. Other times the scammer might make it look like it comes from a coworker, a higher-up, an accredited business's generic email account, and so on.



Tips for identifying spoofed emails: 

  • Often the wording of a spoofed email, or the topic being discussed, doesn't match up with who appears to have sent it. This is a sign of a spoofed email, and you should be cautious if something seems unusual.
  • When you look at the from address and the name associated with it, check for misspellings or other irregularities that would indicate that it's spoofed. Sometimes the scammer doesn't know the exact email address they want to spoof, so they have to make one up.
  • Spoofed emails will often have a sense of urgency associated with them. This is a tactic used to get you to interact with the email without thinking about it too much.
  • If you're unsure whether or not an email is spoofed, you should try contacting the person you think you're emailing outside of email, such as calling them. This way the person you contact can verify whether or not it's them emailing you.
  • If you're going to respond to a potentially spoofed email, before you send your email you should delete the 'to' address and type out the address you want your email to go to in order to ensure that it goes where you want it to.
  • If you happen to receive an email that appears to have been sent from your account to your account, and the email makes a claim that you've been hacked, an easy way to prove they didn't hack your account is to check your sent folder to see if the email is there, which it shouldn't be.
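
For anyone who wants to automate the header checks in the tips above, here is an added example (not part of the original page) that reads a raw message and reports three indicators: a From domain that is a near-miss of a trusted one, a Reply-To address that differs from the From address, and a From address that equals the recipient's own. The trusted domain, the 0.8 similarity threshold, and the sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: domains the recipient genuinely corresponds with (hypothetical).
TRUSTED_DOMAINS = {"example.edu"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return a list of reasons the headers of `raw` look spoofed."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    from_dom = domain_of(from_addr)
    findings = []
    # Misspelled sender: very similar to a trusted domain, but not identical.
    for dom in sorted(trusted):
        similar = SequenceMatcher(None, from_dom, dom).ratio() >= threshold
        if from_dom and from_dom != dom and similar:
            findings.append(f"lookalike-domain:{from_dom}~{dom}")
    # A reply would go somewhere other than the visible sender.
    if reply_addr and reply_addr != from_addr:
        findings.append(f"reply-to-differs:{reply_addr}")
    # The message claims to have been sent from the recipient's own account.
    if from_addr and from_addr in to_addrs:
        findings.append("from-equals-recipient")
    return findings

# Constructed sample messages (headers only, then a blank line and a body).
LOOKALIKE = ('From: "Dean Smith" <dean.smith@exarnple.edu>\n'
             "To: staff@example.edu\nSubject: Urgent request\n\nPlease reply now.\n")
SELF_SENT = ("From: user@example.edu\nTo: user@example.edu\n"
             "Reply-To: pay@mail.invalid\nSubject: You were hacked\n\nPay up.\n")
CLEAN = ("From: Colleague <colleague@example.edu>\nTo: user@example.edu\n"
         "Subject: Meeting notes\n\nNotes attached.\n")

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("self-sent", SELF_SENT),
                      ("clean", CLEAN)):
        print(name, spoof_indicators(raw))
```

An empty result only means none of these three indicators fired; the other tips in the list still apply.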