February 27, 2019

Have you ever had an email from a friend, only to open it and find nothing but a link to click? Or maybe you’ve received an email which looks like it’s from you? It can be confusing: it looks like your or your friend’s email account has been hacked, but how do you tell if it’s a hack or a spoof?

We’ve written here about a variety of scams that are doing the rounds. Scams from all sorts of places, the Inland Revenue to British Gas. But what if you get a suspicious email from a friend or even yourself?

Considering that estimates put around 45% of all email as spam, it can be pretty hard to tell what is real and what is not.


What is spoofing?

Spoofing, in this case, is when you receive an email from someone imitating a trusted source.

Phishers like to spoof because it exploits trust. If the scammer can gain your trust, they can manipulate your behaviour – get you to click on a link, for example. And it is easy to find lists of email addresses to spoof.


Tell-tale signs the email is a spoof

It is easy to spoof an email so that it looks like it is from someone else. However, there are simple ways to tell if the email from your friend is not really from them.

1. The email header:

This contains the details of who sent the email, to whom it was sent, and other details such as the date of sending. A simple check like expanding the “from” field should show you the exact email address the email was sent from. The scammer will often use your friend’s real name in the email address, but the domain name will not match your friend’s usual email domain.

For example, your friend John Smith has the email address john.smith@hotmail.com. The spoofer will combine John Smith’s name with their own spoof domain, producing john.smith@spoofurl.com. When you see the email in your inbox, you’ll see an email from “John Smith”.

Check the sender’s email address carefully.

2. The content:

Spoof emails usually contain a link. This link will take you to a compromised or malicious site if you click on it, so don’t.
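The header check in point 1 above, as an added example that is not part of the original article: it expands the “from” field of a raw message, separates the display name from the real address, and compares the address with the one you already know for that contact. The two sample messages and the address book are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real email). The first uses the friend's
# display name with a spoof domain; the second is the genuine address.
RAW_SPOOF = b"""From: John Smith <john.smith@spoofurl.com>
To: you@example.com
Subject: Quick favour

Hi, can you take a look at this link?
"""

RAW_GENUINE = b"""From: John Smith <john.smith@hotmail.com>
To: you@example.com
Subject: Lunch?

Are we still on for Friday?
"""

# Hypothetical address book: display name -> addresses you actually know.
KNOWN_CONTACTS = {"john smith": {"john.smith@hotmail.com"}}


def check_from_header(raw_message: bytes, contacts=KNOWN_CONTACTS) -> dict:
    """Expand the From field and compare it with the address book.

    Returns the display name, the real address, its domain and a verdict:
    'known' (name and address match a contact), 'address-mismatch' (the name
    matches a contact but the address does not) or 'unknown-sender'.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    expected = contacts.get(name.strip().lower())
    if expected is None:
        verdict = "unknown-sender"
    elif addr.lower() in {a.lower() for a in expected}:
        verdict = "known"
    else:
        verdict = "address-mismatch"
    return {"name": name, "address": addr, "domain": domain, "verdict": verdict}


if __name__ == "__main__":
    for raw in (RAW_SPOOF, RAW_GENUINE):
        r = check_from_header(raw)
        print(f"{r['name']!r} <{r['address']}> -> {r['verdict']}")
```

An inbox only shows the display name, so the verdict for the first message is the mismatch the article describes; the same check applies to any contact you add to the address book.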


How did mine or my friend’s email address end up being spoofed?

Email addresses are easy to get hold of. If they aren’t already on a public site such as LinkedIn, they are readily available for sale on the black market.

Alternatively, your or your friend’s device may have been infected with malware that collects keystrokes and email address books.

Another issue is insecure public Wi-Fi. Be very careful using public Wi-Fi: never use it for sending personal data or emails, or for logging into websites, unless the Wi-Fi network or the website is secured.


What should I do if my email account has been compromised rather than just spoofed?

Spoofing email addresses is one thing, but email account compromise is something else altogether. If your email account has been hacked, you are at high risk of personal data exposure and of attacks such as Business Email Compromise (BEC). If you suspect your email account may have been compromised:

  1. Change your password immediately
  2. Scan your device using anti-virus software


Don’t spoof your education

The best way to keep your organisation safe from spoof email is to educate your employees about spoof emails and phishing. Make sure that you and your workforce are up to date on how to spot the signs of a spoofed email. Chances are you’re not the only person in the company to receive a spoof email, and it only takes one person to click a malicious link for your company to become infected with malware and/or have login credentials stolen.

Also, if you use an email gateway, enable its anti-spam and anti-spoofing options.

Spoofing is more than just an annoyance: it can be a cybercriminal’s route into your organisation.


Why not help your colleagues stay safe and send them this little reminder? Feel free to edit or copy and paste the advice below:

Spoof or Hack?

Hacked or spoofed emails can seem genuine. If you receive an email from a friend or colleague containing a link to a suspicious URL, be careful. These emails may be spoofs. Spoofed emails may even use the correct name of your friend or colleague, but the actual sender’s email address will differ.

Similarly, hacked email accounts can be used to send out phishing emails. Beware of clicking links in emails. Always double-check the sender’s address, or, if in doubt, call the sender directly.

Help your employees stay safe in the fight against cyber-crime – sign up for a free security awareness training demo, today.
