Email Spoofing – How To Recognize A Spoofed Email Message?


The genesis of email was a revolutionary tool that businesses adopted over time. Once email became the norm, malicious individuals figured out ways of scamming users. By now, most email users have received strange emails from spoofed accounts. In today’s blog post we discuss how to recognize email spoofing and what steps to take to prevent being a victim.

Businesses run on email – from internal communications to customer service. Unfortunately, this makes email an effective tool for cyber criminals. If businesses do not take email security serious enough, they run the risk of becoming victims of cyber crime. Read on to learn more about email spoofing.

What Is Email Spoofing?

We’ve all received scam emails from unknown email addresses or fake accounts. People today have seen these types of fraud emails and can recognize a fake email. What exactly is email spoofing? Email spoofing is when a sender’s account and/or domain name formatted to appear as if the email is coming from a legitimate contact. For instance, a spoof email can look like a friend is sending you an email. Let’s say your friend is John Smith and his email is johnsmith@gmail.com. A quick way to check if John Smith is sending the email is to check the email header.

The email header is where important details are located. You see who sent the email, who’s the email going to, subject, date and time stamp. By reviewing the header of the email, you’re able to determine who sent it.

 

Email Spoofing Image – Example For Users

Email Spoofing Example

Let’s Diagnose An Email Spoof Attempt

Above is an example of a spoofed email. Let’s review the header first. Notice how the From address is not a LinkedIn email address. If LinkedIn were sending the email the domain name will end with @linkedin.com. Instead the email is from the domain name icoeng.com. The subject line is copied right from the emails you receive from LinkedIn. Second, when you hover over the name Akshay Das (blue link) notice the link is to a Russian website. Lastly, the “Go to InBox now” link is pointing to the same Russian website. Also see how “Go to InBox now” is also spelled. The I and B are capitalized, which is an odd way of spelling “inbox”. A good clue the email is fake.

Scammers will alter different sections of an email to disguise themselves as the legitimate contact. Often times the From field may have a name you’ve been in contact with but the actual email address is not associated with said person. For example, you’re involved in a project and are corresponding with Jane Smith and her email address is janesmith@xyzbiz.com. You notice Jane emails you in the late evening asking for an invoice payment. However, you review the email and notice her email address is janesmyth@xyzbiz.com, not the original email address. A good assumption is the email account is no longer under her control. Do not respond to the email.

Now that you’re a smart email user – you figured out the email is incorrect and someone is spoofing Jane’s email.

Email Spoofing Safety Tips

What are some methods of staying safe and prevent email spoofing? Above all, always always always read before you click on anything. In today’s fast paced world, too many users are clicking on links or downloading documents without reading. Similarly noticing misspellings or peculiar grammar is a good indication that the email is fake. Use sound judgement when examining a suspicious email. Trust your gut. Likewise it never hurts to call the person who sent the email to confirm that the email is real.

Even though examining an email is the right approach, there are other methods of keeping your email account secure. For instance, make sure email passwords are different. A perfect example of different passwords is to never use the same password twice. Employing social engineering to guess people’s passwords is the norm. Common security questions such as “What is the name of a family pet?” or “What is your oldest sibling’s middle name (or birthday)?” can also negatively connect different accounts together. Separate out passwords with different variations and make sure to add complexity. For example, use upper and lower case letters, numbers, and special characters to strengthen a password. In addition, make passwords long with 12 or more characters. The longer the password, the harder it is for someone to guess it.

Beyond that, user education is the first line of defense against email spoofing and other types of cyber attacks. Making sure your employees and co-workers understand what to look for in scam emails is key to protecting any business. Use these tips to identify and stay away from spoofed emails!

Follow Us

Andrew Lopez

Project Manager at Zuma Technology
A project manager for Zuma Technology who specializes in managed services and web development. Zuma Technology is a managed service provider that specializes in ​technology solutions for small and medium businesses. We proactively manage the customer’s computer​ and network​ infrastructure to maintain a​ secure​, functional​ and efficient​ environment.
Follow Us


Leave a Reply