Freeola posted on Friday April 8th, 2016

Recently we have found that more and more people are receiving emails from an address that appears to be using their domain. Sometimes even from their own email address! This obviously causes concern - and many people will worry that they have been hacked. Despite appearances - this is often not the case - it tends to be a case of email 'spoofing'.

If the email in question is from your own email address, a quick way to check is to see whether it is showing up in your sent items. If it isn't there, then your email address didn't send it.

So what is email spoofing?

Essentially email spoofing is a forgery of an email header; to make the message look as if it has been sent to you by someone or somewhere other than the actual source.

It is possible to send a message that appears to be from anyone, anywhere and can say whatever the sender wants to say. Therefore the message could appear to come from your domain - or even you.

Why do spammers do this?

Spammers are constantly trying to come up with new ways to reach and access individuals - the purpose of a spoof email is to trick the recipient into opening the email, attachments or even replying to the email. The idea being that if the email comes from a familiar address - the recipient is more likely to trust the sender and open the mail.

Although spoofing is usually carried out by spammers for advertising purposes, spoofing can actually be used for more malicious reasons, such as phishing, spreading a virus or attempting to gain personal information.

What is phishing?

Phishing is a type of fraudulent email which will typically direct a user to a website where they will be asked to update personal details (such as passwords, credit card numbers and banking details). The email will often proclaim to be from a legitimate organisation - in the hope that you will not suspect that the email is fraudulent.

It's estimated that around 80,000 people are tricked by phishing emails per day!

How spoofing works

The simplest form involves changing the from field of outgoing messages - to show a name or address that is in fact different from the name or address of the actual sender. Most POP email clients will allow you to put whatever name you want in here. When you have set up email accounts in the past - you will have most likely entered a display name, this is the same thing - and this is the name that will display in the recipients inbox when you send them mail. It is also possible to type whatever email address you would like to appear, in the field that asks for the email address. These fields are separate from the field where you would enter the account name supplied to you by your ISP.

How to spot a spoof email

If you don't recognise the first part of the email, so if it is name or something like [email protected] and you don't believe that either of these email addresses exist at your domain - then they probably don't! Also if you check the header in the mail, you can normally determine the origin of the mail (many email clients do not show this by default).

Also any item that was sent from one of your email addresses will show up in the sent items folder - if it's not there then it's likely to have been spoofed.

What should I do?

For the most part spoof emails are just an inconvenience - and we would recommend that you delete them and treat them as you would any other spam emails.

  • If you want to find the original source of the email then you can take a look at the header.
  • If you are at all suspicious then do not open the email, open any attachment, respond, click any links or supply any personal information.
  • If any email asks you for personal information - try to establish that it is from a trusted source
  • If it is a friend or an internal company email - call the sender to confirm.
  • If it is claiming to be from a legitimate organisation, then look for their general number (not a number supplied in the email or links) to confirm if the email is in fact from them.


Thank you for your comment. Your comment has now been successfully added to this post.

Hmmm... commented on 14th April, 2016
Good to see this blog entry on email spammers and phishing has reached readers India's mobile app development already!!!

Ashish commented on 14th April, 2016
thank you for sharing such a very informative article on Email frauds.

Rainbird commented on 8th April, 2016
Yep Hmmm!

Spammers are unfortunately always getting sneakier and sneakier!

Unfortunately it can be very difficult to spot a 'tell' on these more intelligently spoofed emails. The best advice we can give is to be suspicious of any email (even from official addresses) that asks for any personal details. We urge that if anyone is unsure of the origin of the email to call up and confirm it was in fact sent by the company in question.

Our customers will only ever be contacted by us on either an @freeola.co.uk, @getdotted.co.uk or @emergencyinternet.co.uk address.

Hmmm... commented on 8th April, 2016
Recently I've seen some spam where even looking at the email headers I couldn't see the real address or the spammer's IP address?

Are there any tips on how to breakdown/analyse these types of spam?

Showing the normal messages/addresses generated by Freeola's mail servers (standard + EmailPro) might be helpful.

I'm not sure your tip on checking "sent mail" is good advice.
If someone has managed to hack into your email it's not very likely they will be creating mail on your own device!
Of course if someone was simply using the owners device they could remove the email from the Sent mail folder!