Recently we have found that more and more people are receiving emails from an address that appears to be using their domain. Sometimes even from their own email address! This obviously causes concern - and many people will worry that they have been hacked. Despite appearances - this is often not the case - it tends to be a case of email 'spoofing'.
If the email in question is from your own email address, a quick way to check is to see whether it is showing up in your sent items. If it isn't there, then your email address didn't send it.
So what is email spoofing?
Essentially email spoofing is a forgery of an email header; to make the message look as if it has been sent to you by someone or somewhere other than the actual source.
It is possible to send a message that appears to be from anyone, anywhere and can say whatever the sender wants to say. Therefore the message could appear to come from your domain - or even you.
Why do spammers do this?
Spammers are constantly trying to come up with new ways to reach and access individuals - the purpose of a spoof email is to trick the recipient into opening the email, attachments or even replying to the email. The idea being that if the email comes from a familiar address - the recipient is more likely to trust the sender and open the mail.
Although spoofing is usually carried out by spammers for advertising purposes, spoofing can actually be used for more malicious reasons, such as phishing, spreading a virus or attempting to gain personal information.
What is phishing?
Phishing is a type of fraudulent email which will typically direct a user to a website where they will be asked to update personal details (such as passwords, credit card numbers and banking details). The email will often proclaim to be from a legitimate organisation - in the hope that you will not suspect that the email is fraudulent.
It's estimated that around 80,000 people are tricked by phishing emails per day!
How spoofing works
The simplest form involves changing the from field of outgoing messages - to show a name or address that is in fact different from the name or address of the actual sender. Most POP email clients will allow you to put whatever name you want in here. When you have set up email accounts in the past - you will have most likely entered a display name, this is the same thing - and this is the name that will display in the recipients inbox when you send them mail. It is also possible to type whatever email address you would like to appear, in the field that asks for the email address. These fields are separate from the field where you would enter the account name supplied to you by your ISP.
How to spot a spoof email
If you don't recognise the first part of the email, so if it is name or something like [email protected] and you don't believe that either of these email addresses exist at your domain - then they probably don't! Also if you check the header in the mail, you can normally determine the origin of the mail (many email clients do not show this by default).
Also any item that was sent from one of your email addresses will show up in the sent items folder - if it's not there then it's likely to have been spoofed.
What should I do?
For the most part spoof emails are just an inconvenience - and we would recommend that you delete them and treat them as you would any other spam emails.
- If you want to find the original source of the email then you can take a look at the header.
- If you are at all suspicious then do not open the email, open any attachment, respond, click any links or supply any personal information.
- If any email asks you for personal information - try to establish that it is from a trusted source
- If it is a friend or an internal company email - call the sender to confirm.
- If it is claiming to be from a legitimate organisation, then look for their general number (not a number supplied in the email or links) to confirm if the email is in fact from them.