We’ve all received spam emails before, and most of us are pretty good at identifying which messages are phony without even opening them. However, there is a sinister breed of spam emails that employ familiar email addresses to send fake messages, enticing even the foremost cybersecurity experts to open them. It’s called the spoof email.
What is a Spoof Email?
A spoof email is an email that looks authentic from the outside, but is actually laced with some sort of malicious software intended to infect the recipient’s computer. These malware-packed messages often appear as if they’re from friends, family, coworkers and websites you’ve created accounts with.
It’s alarmingly easy for hackers to make legitimate-sounding email addresses. There are easily accessible tools that allow hackers to make their emails appear as if they’re from whatever email address they want. If the hacker creates a sending address that sounds convincing, the recipient will be prompted to open it without thinking twice.
Common Spoof Scams
Hackers need to create emails that tempt recipients to open them. Some common spoofs include:
- Emails from a familiar name. If a hacker breaches someone else’s contact list, and your address is on it, they can send an email that looks as if it’s from the person they’ve hacked. In other words, you receive a message from a familiar name (like a friend or coworker), yet it’s from a hacker who has attached a piece of malware to steal your information.
- Verification emails. When you create a new account for a website, you almost always receive an email that asks you to verify your credentials. What hackers do is send you an email that appears to be from a legitimate company (like a bank, email provider, iTunes, etc.), saying something like “Thank you for creating an account, click here if this was a mistake.” Of course, you think it was a mistake, since you never created an account. Upon clicking the link, you’re brought to a fake website that appears authentic, and when you enter your login credentials, they’re stolen.
How to Identify and Avoid a Spoof Email
Be Suspicious and DON'T CLICK
If you receive an email that appears suspicious, trust your instinct. Don't believe strange, unsolicited emails, even if they appear to be from a person you know or an institution, such as a bank or the government.
You'll almost never be contacted or asked to share passwords or financial information with a bank, the government or a vendor over email. If someone you know asks for this information and it seems suspicious, call them on the phone or speak with them in person to confirm. It's easy for hackers to take the identity of credible sources in order to fool unsuspecting victims.
The single most important piece of advice we can give: NEVER CLICK A LINK OR ATTACHMENT IN A SUSPICIOUS EMAIL. ONE SIMPLE CLICK CAN INFECT YOUR ENTIRE NETWORK.
Look for Strange Writing
Many spoof email campaigns are launched by hackers from foreign countries, so their writing usually isn't perfect English. If an unsolicited email reads as if it was run through Google Translate or has alternating letters and numbers (k1nd 0f l1k3 th1s), don't trust it.
Conversely, many spoof emails also contain vague, professional jargon. In other words, they sound as if they were written by robots. Again, if the way an email is written triggers even a bit of suspicion in your mind, avoid it.
Don't Fall for Threats
Many spoof emails will purposely try to make you panic and act rashly.
For example, an email may appear to be from your bank and say something like "Your credit card was overcharged by $10,000. Please reply IMMEDIATELY with your credit card number, expiration date and CVV to cancel it." The goal is to make you freak out and try to resolve the situation without thinking.
Don't fall for it.
Your Phone Isn't Safe
Follow the above advice when opening emails on your phone, too. For some reason, people tend to think their phones cannot be hacked. This isn't true. Your phone can absolutely be infected by a spoof email as well.
What to Do if You Identify a Spoof
If you successfully identify a counterfeit email, do not open any documents attached to it or websites it links to. Your computer or network will become infected. Instead, please report it to us immediately so we can take necessary steps to fix the situation.
You can never be too cautious with your information online. Remember, never open any attachments or links within a suspicious email, even if it appears to be from somebody you know.