We’ve all received spam emails before, and most of us are pretty good at identifying which messages are phony without even opening them. However, there is a sinister breed of spam emails that employ familiar email addresses to send fake messages, enticing even the foremost cyber security experts to open them. It’s called the "spoof email" or "scam email."
What is a Spoof Email?
A spoof email (also known as a scam email or spam email) is an email that looks authentic from the outside, but is actually laced with some sort of malicious software intended to infect the recipient’s computer. These malware-packed messages often appear as if they’re from friends, family, coworkers, government institutions and companies you’ve created accounts with.
It’s alarmingly easy for hackers to make legitimate-sounding email addresses. There are easily accessible tools that allow hackers to make their emails appear as if they’re from whatever email address they want. If the hacker creates a sending address that sounds convincing, you might open it without thinking twice.
Common Spoof Scams
Hackers need to create emails that tempt recipients to open them. Some common spoofs include:
- Emails from a familiar name. If a hacker breaches someone else’s contact list, and your email address is on it, they can send an email that looks as if it’s from the person they’ve hacked. In other words, you receive a message from a familiar name (like a friend or coworker), yet it’s from a hacker who has attached a piece of malware to steal your information.
- Verification emails. When you create a new account for a website, you usually receive an email that asks you to verify your credentials. What hackers do is send you an email that appears to be from a legitimate company (like a bank, email provider, iTunes, etc.), saying something like, “Thank you for creating an account, click here if this was a mistake.” Of course, you think it was a mistake, since you never created the account. Upon clicking the link, you’re brought to a fake website that appears authentic, and when you enter your login credentials, they’re stolen.
An example of a spam email going around currently is one that appears to be from PayPal, alerting you that your account has been hacked. A link takes you to a fake PayPal page that looks legitimate. If you enter your information on the fake page, hackers steal it.
For more information on common types of scam emails, visit this link.
How to Identify and Avoid Scam Emails
Be Suspicious and DON'T CLICK
If you receive an email that appears suspicious, trust your instinct. Don't believe strange, unsolicited emails, even if they appear to be from a person you know or a legitimate institution, such as a bank or the government.
You'll almost never be contacted and asked to share passwords or financial information with a bank, the government or a vendor over email. If someone you know asks for this information and it seems suspicious, call them on the phone or speak with them in person to confirm. It's easy for hackers to take the identity of credible sources in order to fool unsuspecting victims.
The single most important piece of advice we can give: never click a link/attachment in a suspicious email. One click can infect your whole network. Also, do not respond to suspicious emails with any sensitive company or personal information.
Look for Strange Writing
Many spoof email attacks are launched by hackers from foreign countries, so their writing isn't always perfect English. If an unsolicited email reads as if it was run through Google Translate, has glaring spelling/grammar errors or has alternating letters and numbers (k1nd 0f l1k3 th1s), don't trust it.
Don't Fall for Threats
Many spoof emails will purposely try to make you panic and act rashly.
For example, an email may appear to be from your bank and say something like "Your credit card was overcharged by $10,000. Please reply IMMEDIATELY with your credit card number, expiration date and CVV to cancel it." The goal is to make you freak out and immediately try to resolve the situation without thinking.
Don't fall for it.
Instead, exit the email and access your bank account directly to check its status.
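For IT administrators who triage reported messages, the warning signs above can be turned into a first-pass check. The script below is an added example, not part of the original article: the phrase lists, the threshold of three look-alike words and the sample message are assumptions made for illustration, and it also compares each link's visible text with its real destination, which the PayPal example describes.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Phrase lists are assumptions seeded from this article's examples; tune them locally.
URGENCY = ("immediately", "urgent", "act now")
SECRETS = ("password", "credit card number", "cvv", "expiration date")
# A word that mixes letters with the digits commonly swapped in for them (k1nd, l1k3).
LEET = re.compile(r"\b(?=[a-z0-9]*[a-z])(?=[a-z0-9]*[013457])[a-z013457]{2,}\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def bare(host):
    host = host.lower()  # compare case-insensitively, ignoring a leading www.
    return host[4:] if host.startswith("www.") else host

def review(raw):
    """Return the warning signs found in one raw message (headers + body)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = " ".join((msg.get("Subject", "") + " " + body).lower().split())
    flags = []
    if any(p in text for p in URGENCY):
        flags.append("pressure to act fast")
    if any(p in text for p in SECRETS):
        flags.append("asks for credentials or card data")
    # Count look-alike words in the visible text only, so URLs do not skew it.
    if len(LEET.findall(re.sub(r"<[^>]+>", " ", body))) >= 3:
        flags.append("letters swapped for digits")
    # A link whose visible text names one site while the href points at another.
    for href, label in LINK.findall(body):
        shown = DOMAIN.search(label)
        if not shown:
            continue
        want, host = bare(shown.group(1)), bare(urlparse(href).hostname or "")
        if host != want and not host.endswith("." + want):
            flags.append(f"link shows {want} but goes to {host}")
    return flags

# Constructed sample message; every domain is a reserved example name.
SAMPLE = """From: "Your Bank" <alerts@bank.example>
Subject: Your card was overcharged
Content-Type: text/html

<p>Pl3ase v3rify y0ur acc0unt IMMEDIATELY. Reply with your credit card number, expiration date and CVV.</p>
<a href="http://secure-login.example.net/verify">www.bank.example</a>
"""

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

An empty result does not mean a message is safe; the check only surfaces the signs listed in this article so a person can look closer.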
Your Phone Isn't Safe
Follow the above advice when opening emails on your phone, too. For some reason, people tend to think their phones cannot be hacked. This isn't true. Your phone can absolutely be infected by a spoof email as well.
What to Do if You Identify a Spoof
If you successfully identify a counterfeit email, again, do not open any documents attached to it or websites it links to. Your device or network will become infected. Instead, please report it to your IT administrator immediately so we can take necessary steps to fix the situation.
You can never be too cautious with your information online. Remember, never open any attachments or links within a suspicious email, even if it appears to be from somebody you know.