We’ve all received spam emails before, and most of us are pretty good at identifying which messages are phony without even opening them. However, there is a sinister breed of spam emails that employ familiar email addresses to send fake messages, enticing even the foremost cybersecurity experts to open them. It’s called the spoof email.
What is a Spoof Email?
A spoof email is an email that looks authentic from the outside but is actually laced with some sort of malicious software that intends to infect the recipient’s computer. These malware-packed messages often appear as if they’re from friends, family, coworkers and websites you’ve created accounts with.
It’s alarmingly easy for hackers to make legitimate-sounding email addresses. There are easily accessible tools that allow hackers to make their emails appear as if they’re from whatever email address they want. If the hacker creates a sending address that sounds convincing, the recipient will be prompted to open it without thinking twice.
Common Spoof Scams
Hackers need to create emails that tempt recipients to open them. Some common spoofs include:
- Emails from a familiar name. If a hacker breaches someone else’s contact list, and your address is on it, they can send an email that looks as if it’s from the person they’ve hacked. In other words, you receive a message from a familiar name (like a friend or coworker), yet it’s from a hacker who has attached a piece of malware to steal your information.
- Verification emails. When you create a new account for a website, you almost always receive an email that asks you to verify your credentials. What hackers do is send you an email that appears to be from a legitimate company (like a bank, email provider, iTunes, etc.), saying something like “Thank you for creating an account, click here if this was a mistake.” Of course, you think it was a mistake, since you never created an account. Upon clicking the link, you’re brought to a fake website that appears authentic, and when you enter your login credentials, they’re stolen.
How to Differentiate Authentic Emails from Spoofs
To see if an email is a spoof or not, check the email header. On most email clients, you can do this by right-clicking a message in your inbox and selecting “View Full Header” or something similar. If you’re having difficulty, MXToolBox offers a guide to checking email headers on virtually every email client out there.
After you’ve opened the email header, the sections on which you should focus are “mailed-by,” “signed-by” and “encryption.”
For an example of what a real email looks like, let’s pretend you’ve just received a verification message from Gmail, asking you to verify a newly created email account.
What a Real Email Looks Like
You don’t remember creating a new account, so to check if the email is a spoof, you open the email header. If it’s real, it should say “google.com” in the “mailed-by” and “signed-by” sections. In the “encryption” section, it should say “Standard TLS.” Emails that are not protected by encryption are prime targets for hackers. In other words, the “mailed-by” and “signed-by” sections should line up, and contain a legitimate website. Also, messages from legitimate sources are almost always encrypted.
Above is an example of a legitimate email header. Both the "mailed-by" and "signed-by" sections are filled in with "google.com." The email is also encrypted.
What a Fake Email Looks Like
Continuing with the above example, let’s pretend that “google.com” didn’t appear in the “mailed-by” or “signed-by” sections. Instead, you see an unfamiliar-sounding website, and the “encryption” section says the email was not encrypted. If this is the case, don’t open the message—it’s a spoof email.
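The header check described above can be scripted. This Python example is added here and is not part of the original article: it compares the visible From domain with the domains the receiving server actually authenticated. It assumes that “mailed-by” corresponds to the SPF-checked smtp.mailfrom domain, “signed-by” to the DKIM signing domain, and “encryption” to TLS on the Received hop into your provider; the sample headers, the check_headers function and the mx.google.com server id are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real messages).
LEGIT = """Authentication-Results: mx.google.com;
 dkim=pass header.i=@google.com;
 spf=pass (domain of noreply@google.com designates 192.0.2.10) smtp.mailfrom=noreply@google.com
Received: from mail.example.net ([192.0.2.10])
 by mx.google.com with ESMTPS id abc123 (version=TLS1_3)
From: Google <noreply@google.com>
"""
SPOOF = """Authentication-Results: mx.google.com;
 dkim=pass header.i=@bulk-mailer.example;
 spf=pass smtp.mailfrom=bounce@bulk-mailer.example
Received: from host.bulk-mailer.example ([198.51.100.7])
 by mx.google.com with ESMTP id def456
From: Google <noreply@google.com>
"""

def _domain(value):
    return value.rsplit("@", 1)[-1].strip("<>;. ").lower()

def _aligned(domain, from_domain):
    # Simplified check (real DMARC alignment uses the Public Suffix List).
    return bool(domain) and (domain == from_domain
        or domain.endswith("." + from_domain) or from_domain.endswith("." + domain))

def check_headers(raw, authserv_id="mx.google.com"):
    msg = message_from_string(raw)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    mailed_by = signed_by = None
    for header in msg.get_all("Authentication-Results", []):
        clauses = [c.strip() for c in header.split(";")]
        if clauses[0].lower() != authserv_id:  # trust only our provider's verdict
            continue
        for clause in clauses[1:]:
            spf = re.search(r"smtp\.mailfrom=(\S+)", clause)
            dkim = re.search(r"header\.[di]=(\S+)", clause)
            if clause.startswith("spf=pass") and spf:
                mailed_by = _domain(spf.group(1))   # "mailed-by" (assumed mapping)
            if clause.startswith("dkim=pass") and dkim:
                signed_by = _domain(dkim.group(1))  # "signed-by" (assumed mapping)
    # "encryption": did the hop into our provider use TLS?
    tls = any(f"by {authserv_id}" in r and re.search(r"\bESMTPS\b|version=TLS", r)
              for r in msg.get_all("Received", []))
    ok = _aligned(mailed_by, from_domain) and _aligned(signed_by, from_domain) and tls
    return {"from": from_domain, "mailed_by": mailed_by,
            "signed_by": signed_by, "tls": tls, "suspicious": not ok}
```

In the constructed SPOOF sample, SPF and DKIM both pass, but for the sender's own domain rather than the one shown in From, which is why the domains must be compared and not just the pass/fail result.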
What to Do if You Identify a Spoof
If you successfully identify a counterfeit email, do not open it. Just delete it and report it to your email provider. If, unfortunately, you fall victim to a phishing scam, use the Federal Trade Commission’s Complaint Assistant to report it.
You can never be too cautious with your information online. Remember, always check to see if the “mailed-by” and “signed-by” sections match with legitimate websites before you open a suspicious email.