Problem/Question
People are claiming that I've emailed them malicious emails.
Overview
If users have informed you that they've received an email from you, but you know you haven't sent said email, it is likely your email address is getting spoofed.
Solution
Spoofing Definition
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.
Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a bad actor gains access to execute a larger cyber-attack such as an advanced persistent threat or a man-in-the-middle attack.
Successful attacks on organizations can lead to infected computer systems and networks, data breaches, and/or loss of revenue—all liable to affect the organization’s public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers/clients to malicious sites aimed at stealing information or distributing malware.
How Spoofing Works
Spoofing can be applied to several communication methods and employ various levels of technical know-how. Spoofing can be used carry out phishing attacks, which are scams to gain sensitive information from individuals or organizations.
Email Spoofing
Email spoofing occurs when an attacker uses an email message to trick a recipient into thinking it came from a known and/or trusted source. These emails may include links to malicious websites or attachments infected with malware, or they may use social engineering to convince the recipient to freely disclose sensitive information.
Sender information is easy to spoof and can be done in one of two ways:
- Mimicking a trusted email address or domain by using alternate letters or numbers to appear only slightly different than the original
- Disguising the ‘From’ field to be the exact email address of a known and/or trusted source
How to Protect Against Spoofing Attacks
The primary way to protect against spoofing is to be vigilant for the signs of a spoof, whether by email, web, or phone.
Do, when examining a communication to determine legitimacy, keep an eye out for:
- Poor spelling
- Incorrect/inconsistent grammar
- Unusual sentence structure or turns of phrase
These errors are often indicators that the communications are not from who they claim to be.
Other things to watch out for include:
- The email sender address: sometimes addresses will be spoofed by changing one or two letters in either the local-part (before the @ symbol) or domain name.
- The URL of a webpage: like email addresses, the spelling can be slightly changed to trick a visitor not looking closely.
Don’t click on unfamiliar links or download unfamiliar/unexpected attachments. If you receive this in your email, send a reply to ask for confirmation. If an email address is spoofed exactly, the reply will go to the actual person with the email address—not the person spoofing it.
Don’t take phone calls at face value; be wary of the information the caller is requesting. Google the phone number presented on the caller ID to see if it’s associated with scams. Even if the number looks legitimate, hang up and call the number yourself, as caller ID numbers can be spoofed.
Spoofing can sometimes be easy to spot, but not always—more and more, malicious actors are carrying out sophisticated spoofing attacks that require vigilance on the part of the user. Being aware of different spoofing methods and their signs can help you avoid being a victim.
For additional information, please watch the following video:
Still Need assistance? See the following related services:
List links to related Service Catalog categories.
(Note: If you don’t have any information for this section the KB Team will fill this in during review.)