How come your customers are receiving emails from your domain, but you never sent them? This scenario (think of phishing) can seriously damage your company’s reputation and should be fixed as soon as possible.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
Although most spoofed emails can be easily detected and require little action other than deletion, the more malicious varieties can cause serious problems and pose security risks. For example, a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data such as a password or credit card number. Alternatively, a spoofed email may include a link that installs malware on the recipient’s device if clicked (there is not even need to execute a script, the mere visit to a specially crafted website can be enough). One type of spear phishing attack used in business email compromises involves spoofing emails from the CEO or CFO of a company requesting a wire transfer or internal system access credentials.
While email spoofing is most popularly used to execute phishing attacks, a cybercriminal may also use this technique to avoid spam email blacklists, commit identity theft or tarnish the image of the impersonated sender (think of your company).
Email spoofing can be quite easily achieved by specially composing an email message, the scammer can forge fields found within the message header such as the FROM, REPLY-TO and RETURN-PATH addresses. After the email is sent, it will appear in the recipient’s mailbox that appears to come from the address that was entered.
How to tell if an email has been spoofed
If a spoofed email does not appear to be suspicious to the user, it is likely it will go undetected. However, if the user does sense something is wrong, they can open and inspect the email source code. Here, the recipient can find the originating IP address of the email and trace it back to the real sender.
Another sign to look for is a soft-failed Sender Policy Framework (SPF) check, a protocol defined in RFC 7208 that provides a solution to authenticating email senders. If an email soft-failed this protocol, something fishy may have been detected but it was still allowed to deliver.
How to stop email spoofing
To prevent becoming a victim of email spoofing, the following practices should be put into place:
- Keep antimalware software up to date.
- Do not share private or financial information through email.
- Turn spam filters on to the strongest settings, or use tools like Gmail’s Priority Inbox.
- Avoid clicking suspicious links or downloading suspicious attachments.
- Never enter sensitive information into links that are not secure.
- Learn how to open and read email headers for signs of email spoofing.
- Conduct reverse IP lookups to verify the real sender.
- Audit email accounts to see how they respond to SPF and DMARC
Whilst it is understandable that a common user (not an IT professional) will not be able or willing to take all preventive steps, there are certain steps that can be taken to if not prevent, to mitigate to a high degree.