Email spoofing is a phony email that appears to have originated from someone or somewhere other than the actual source. Email Spoofing falls under the phishing attack category. A spoofed email may pretend to be from a friend, co-worker, boss or your favorite website, asking you to provide sensitive info such as passwords or credit card number.
Email spoofing is a trendy tactic used in phishing and spam operations because most people are likely to open an email or download a file when they think it has been sent by a real or familiar source. The goal of email spoofing is to get you to open, and possibly even respond to, a request.
Now a days some spoofed emails can be easily detected and require little action other than deletion, the more sophisticated malicious types can cause serious problems and present high security risks. As an example, a spoofed email may pretend to be from your bank, asking you to login to your account because it has been compromised so they can catch your sensitive info such as a password or bank account number. Otherwise, a spoofed email may contain a link that installs malware on your device when clicked. A common type of spear phishing attack is when a business email Is spoofed from the CEO or CFO of a company requesting a internal access credentials.
How to stop email spoofing
- Keep antimalware software up to date.
- Don’t share private or financial info by email.
- Turn spam filters to strong settings
- check the headers of the email or “from” field
- Avoid clicking suspicious links.
- Avoid downloading suspicious files.
- Conduct reverse IP lookups to verify if it is a real sender.
- Audit email accounts to see how they respond
- Take a cyber-security end-user awareness class
- enroll your staff in a cyber-security tech and end-user awareness class