You’re going about your day and see an email come in from a friend. But when you read it, it’s a little strange. It might just say “Hey, you really need to see this video!” or something similarly cryptic and out of the ordinary. But since it appears to be from your friend, you click the link, trusting that the sender is who the “From” line says it is.
As soon as you land on the page, your computer begins acting funny. You were just caught by a phishing site that injected malware as soon as the page loaded!
Email spoofing has, unfortunately, become common. It’s when a phishing scammer puts a legitimate email address in the “From” line to make the recipient think the email is from someone they know, someone in their company, or a company they do business with (like their bank).
Over 90% of cyberattacks begin with phishing emails.
Phishing using links has become more popular than using email attachments because links don’t technically contain malware, so they often get past standard antivirus software. If you don’t have other IT security safeguards, like DNS filtering, you can end up compromising an account login or suffering a drive-by download of malware from a phishing site.
Many people think they can trust the email address they see when they look at a message. They may even be savvy enough to look for slight misspellings. But they don’t realize that a hacker can put a completely different address in the “From” line than the one that actually sent the message.
So, how do you know if an email message is legitimately from your friend, a work colleague, or a company you do business with if you can’t trust what you see as the sender?
We’ll go through a few tactics you can use to spot a fake.
How to Spot Email Spoofing in a Phishing Attack
Check the Email Address, Don’t Just Go By the Name
One form of spoofing, more basic than the others but still effective at fooling people, is when the sender simply sets a different display name for the email address. Mail programs support a display name, as in “Jill Jones <firstname.lastname@example.org>”; what you see in the From line of an email is often just the “Jill Jones” part.
This can make you think the email is from your friend when it isn’t. If you click into the name to reveal the actual email address, you might find that it isn’t her address at all, but something like email@example.com.
View the Source Header of the Email
A more sophisticated way to fake an email address is to put the actual address of the company or person in the From line, so that even someone who looks past the display name sees the right domain. For example, you might see a message from “firstname.lastname@example.org” and immediately assume it must be from your bank, because hackers can’t put in a fake email address.
But they actually can.
To spot this type of fake, you need to look at the email header source code. The header shows the address and servers that actually sent the message. If email authentication is in place, some mail systems also record the results of their spoofing checks at the bottom of the header.
See how to check email headers in Outlook.
See how to check email headers in Gmail.
The header is the source code of the message, and a spammer can’t hide their sending address from it. Most people never look at the header, and email source code can be hard to read and understand, so feel free to contact Two River Computer if you need help.
Look for Telltale Signs of a Fake
Don’t drop your “phishing antenna” just because you see a familiar email address as the sender of an email. Keep looking for anything else suspicious that would indicate the email isn’t from the person or company it appears to be.
Common indicators of a fake:
- If the email doesn’t make sense to you (i.e., it’s strange that your friend would send this)
- Spelling or grammar errors
- No explanation or normal greeting, just a sentence or two with a link to click
- The email is unexpected
When in doubt, it’s always best to contact the person or company the email purports to be from. For example, call your friend, or call the company that appears to be the sender, and ask whether they actually sent you that email message. One short phone call could save you months of ransomware or malware remediation and all the associated costs.
Need Help With Email Security?
Two River Computer can help you improve email security at home or work with smart solutions to combat phishing and email spoofing.
Contact us today for a free consultation. Call 732-747-0020 or reach us online.