In the digital space, email spoofing is a form of malicious attack that can impact anyone online. For those who may not be familiar with this tactic, online "spoofing" generally has the same meaning as the traditional sense of the word.
Spoofing is defined as:
/spo͞of/; verb - Origin: late 19th century English comedian Arthur Roberts.
1. Imitate (something) while exaggerating its characteristic features for comic effect.
2. Hoax or trick (someone).
In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not. How someone (or something, like a bot) sends an email made to look like it comes from someone or somewhere else is a little more technical to explain.
1. How does email Spoofing work?
Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server - a server that can send email - and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it; however, most ISPs will block port 25 (which is required to send out email).
Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. The recipient of the message, however, will see it as having come from the address you specified.
Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF, or “Sender Policy Framework,” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IPs listed in the SPF record for the appropriate domain.
Let’s say someone tried to spoof Bill Gates (billgates@microsoft.com). They would send an email on his behalf. The recipient server would then talk back to microsoft.com and say, “Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com.” microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 111.111.111.111,” and the message would never get delivered.
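The comparison described above can be sketched as follows. This is an added example, not code from the original article: the SPF records and the domains `example.com`, `softfail.example` and `nospf.example` are constructed (only the two IP addresses come from the example above), and records are read from a dictionary instead of DNS. Note that SPF is evaluated against the domain of the envelope sender (the SMTP `MAIL FROM`), which can differ from the "From" address shown to the reader.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (not real DNS data).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:111.111.111.111 ip4:198.51.100.0/24 -all",
    "softfail.example": "v=spf1 ip4:203.0.113.10 ~all",
    "nospf.example": None,  # domain that publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, mail_from):
    """Evaluate the ip4/ip6/all mechanisms of the SPF record for the
    envelope sender's domain and return the SPF result as a string."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return "none"  # no policy published: SPF cannot say anything
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "pass"  # a mechanism without a prefix means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = QUALIFIERS[term[0]], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return qualifier  # catch-all: "-all" rejects every other IP
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return qualifier
        # a, mx, include, ... need further DNS lookups; skipped in this sketch
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for ip in ("111.111.111.111", "123.123.123.123"):
        print(ip, "->", check_spf(ip, "user@example.com"))
```

A `fail` result comes from the domain's `-all` policy; a domain that publishes `~all` or no record at all gives the receiving server much less to act on.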
2. Why is my email address being spoofed?
There are two basic reasons people (and machines) spoof:
- Malicious attacks causing useless internet traffic attempting to bog down servers or bring them to a halt.
- Because you were unlucky enough to have clicked the wrong thing at the wrong time.
There is only one reason that people (and all of this was, at some point, created by people) take the time to code, program and create things like viruses, spoofing, spam, and malware. It is for no other reason than the fact that they can do it. They are bored, or are getting paid by others who want to cause havoc on the Internet. Think about what I show in the example above. At the end of that example I state that the message doesn’t get delivered. So where does that email go? Well, it sits around in holding bins called queues, sometimes for weeks, trying to get delivered. Multiply that by the billions of emails that are transmitted daily and one can imagine how much damage could be done with spam and spoofing.
Don’t get me wrong, I too at times wish the Internet wasn’t around and miss the days of yesteryear. We have too much information at our fingertips and not enough human hearts controlling it (but that’s a topic for another time). However, the Internet is a central part of our daily lives, whether it's beneficial or corruptive.
3. How did they get my email address?
I have been working in Information Technology for almost twenty years and I’ve seen it all. The two biggest problems that cause people to get listed on spoofing databases (lists of email addresses for spoofing) are:
- People click a link in a phishing email and, unbeknownst to them, freely submit their email address to the list.
- People forward mails to mass groups of people, exposing their email address and everyone else’s. All you need is for one of those receiving email boxes to have a scraper in it, which is something that pulls all the email addresses it can find and adds them to a list.
4. How can I protect myself from being spoofed?
Use Your Spam Filters
Nearly every free (and paid) email service has spam filters and junk boxes. If something goes to your junk mail, don’t simply unblock it. Investigate the email, even if it looks like it’s coming from someone you know. Make sure that it really did come from that person and that they intended to send it to you.
Never click an unexpected link or download an unfamiliar attachment.
Nearly all major companies (such as banks) have policies in place that require that if they need you to click a link to their site, they will include some sort of identifying information such as your name or last four digits of an account number. Pay special attention to that. Too many people see a generic email that simply says “Your account has been compromised, click here to validate.” No legitimate bank or institution will ever send that. They would say “Dear Jason, We believe your account has been compromised, please call us at XXX-XXX-XXXX.”
Learn to read email message headers and check domain names and IP addresses.
Nearly all email programs will let you float your mouse over an email address (or link in an email). What you see pop up should be identical to what you are floating over. If it is something different, then it is probably spam or phishing for information.
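For the "learn to read email message headers" tip above, here is a small header check. It is an added example, not part of the original article: the message, every name and every domain in it are constructed, and the helper names `domain_of` and `spoofing_signals` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are made up.
RAW = """\
Return-Path: <bounce@mailer.bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.bulk-sender.example; dkim=none; dmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
Reply-To: support@bank-help.example
To: jason@recipient.example
Subject: Your account has been compromised

Click here to validate.
"""


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_signals(raw_message):
    """List header inconsistencies worth a closer look (signals, not proof)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # The visible From address should agree with where bounces and replies go.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Results the receiving server recorded for SPF, DKIM and DMARC.
    auth = msg.get("Authentication-Results", "")
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{method} result is {result}")
    return findings


if __name__ == "__main__":
    for finding in spoofing_signals(RAW):
        print("-", finding)
```

In the sample, SPF passes because it was checked against the bulk sender's own domain, while DMARC fails because that domain does not match the "From" address. Only trust an `Authentication-Results` header added by your own mail provider, and remember that legitimate mailing services also use a different Return-Path domain.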
It's very important to train your employees to know the vulnerabilities and the tactics hackers may use to gain access to your private information. Our team at SeedSpark specializes in providing cutting-edge software, reliable email security, and corporate training that can provide multiple layers of protection that stand between you and those that are fighting to get access to your most important data.