Everything You Need to Know About Email Spoofing

Everyone with an email address receives spoofed emails, whether they know it or not. That means that everyone is in danger of phishing and scams—even the biggest corporations. In fact, just last year, large financial institutions  such as Bank of America and JPMorgan Chase fell victim to email spoofing. 

But what exactly is email spoofing, and how do you stop or prevent it? We’ll cover that and more below.

Most email systems don’t have built-in authentication. Although there is a filter for spam,  there is no filter for scams. Malicious cyber criminals send spoof emails with the goal of the recipient opening the message. The level of threat ranges from innocuous to severe.  Some may be after your telephone number, whereas others intend to steal your password, financial information, and even your identity. Clicking on a link contained in the email is all it takes to download malware onto your computer. The more advanced spoofing  only requires the recipient to open the email in order to  their personal information.

What is Email Spoofing?

Email spoofing is defined as the forgery of an email address often used for spam or phishing. It’s a common tool used to trick a recipient into opening an email without knowing the true origin. Recipients may believe it to be from the forged sender rather than the actual sender.

What is DNS Poisoning?

DNS cache poisoning is a little more comprehensive than email spoofing. A corrupt or altered DNS (Domain Name System) redirects online traffic to the hacker. Most of the time, you’ll get redirected to a website from a link in the email. The website often looks like that of the supposed sender and contains prompts to sign into your account. When you do, the hacker will be able to see your sign-in credentials. This website may also send worms, viruses, or malware to your computer that enables them to access other data on your hard drive, and you likely won’t even notice.

How Does Email Spoofing Work?

Email spoofing may sound like a complicated matter, but it’s actually rather simple. The object is to make the email headers look like they’re coming from a person or company you might trust. This involves mimicking the email address of the sender. It may also involve creating an email format that looks similar to the perceived sender. 

To convince you of the email's legitimacy, hackers add specific details. They could research an individual or organization through social media, such as LinkedIn, and learn about the organization, specific job duties, or a full department. Then, they'll use that information in correspondence with you in an attempt to convince you to send details about yourself.

The process involves an SMTP server (a server that can send emails) and an  email platform. That’s essentially it. All that’s left is a little research to select and mimic targets, though more vicious spammers may go even further by creating landing pages to link you to.

Sadly, you don’t have to put much effort into spoofing an email. If it wasn’t easy enough already, there are websites that make it even easier. These websites allow single email send-offs with any email address and most are completely free. All you need to do is research the email address you want to mimic, which can be quickly done with Chrome extensions that search for user emails. 

How Do Scammers Fake DNS?

Any networked computer uses a DNS server. DNS servers regularly cache query results in order to improve their response times. To poison the cache, the hacker must pinpoint the flaws in the DNS and exploit them. 

They could intercept DNS communications with the user to route them to malicious IPs, or directly hijack the DNS reconfigure its settings to reroute users and send them to a malicious IP. Traffic containing your personal information can be directly sent to the hacker’s computer.

Learn about DNS filtering solutions from GoGuardian.

How to Spot a Spoofed Email

Some spoofed emails are very well done, but they don’t have to be for you to fall victim to them. In fact, 80,000 people fall victim to email phishing every day. Approximately 156 million spoofed emails are sent daily and 16 million make their way through filters and half of those are opened by the targeted recipient. 

Filters are a great way to catch spoofed emails and keep them out of your inbox, but they’re not fool-proof. How do you spot the ones that make it through? How do you keep from being a victim of email phishing? There are a couple of ways to identify a spoofed email.

First, look at the header of the email. Most email providers contain some form of verification process to filter emails and determine whether the sending server is authorized to use the sending domain. The header of the email contains the results of this process but how it’s displayed will be different on each platform. In Gmail, you can click on the three little dots in the upper right corner of the email, and select “show original”. If you don’t have Gmail, you can use this site to determine how to read headers and identify spam.

When you do this, you’ll see a bunch of to/from information that’s fairly easy to read, but below that is complex code.containing information that will help you identify whether or not it’s spoofed. You can ignore most of the code, but there are a few sections you need to pay attention to: where it says “Received:” and “Received- SPF:”.

After “Received:” you should either see the sender it claims to be, or the actual origin. For example, if you’re sending yourself an email, it will show your name (unless you’re sending a company server, then it will show the name of the company). It may also show an IP address, in which case there are sites like Domain Tools to verify the IP. Doing so will reveal the real sender as well as their general location. 

After “Received-SPF”, you’ll see whether the email passed or failed verification. You may also see a “softfail”. If it fails, it is most likely spoofed, but a “softfail” means the verification system is not certain whether the source is legitimate or not. If it passes, the email is authentic.

Other tell-tale signs of email spoofing

You don’t have to be technically minded to spot spoofing and scams. In many cases, there are very obvious signs. Here are a few:

• Check the subject lines. They’re often aggressive or alarming to scare you into paying attention. 
• Check the body text. It will often contain contradicting information, such as two separate names. You’ll frequently see spelling mistakes, or regional spelling errors. For instance, in England, they often spell color as colour.  and many countries learn “British English” rather than “American English”. Spelling variation can be a telltale sign that the email is not from the perceived sender. 
• Hover over links before clicking them. When you hover, it will let you know the real url of the link. Avoid it if it looks suspicious. 
• Beware of requests for personal information. If an unexpected email requests sensitive data, , it’s almost always a scam. You should never give out this information over email.
• Strange capitalization, too much professional jargon, or strange phrasing are also red flags. This often occurs from hastily copy and pasting or from text automation. The use of professional jargon may be overly used in an attempt to seem credible. 
• Contact information should appear in legitimate corporate emails. Some spoofers know this, and will include a fake address. You can easily verify this information.
• The tone of the email doesn’t sound like the colleague you know. 
• Does the sender’s name match that in the email address?
• Mailed-by and signed-by fields must be present for the email to be legitimate. 
• Detect look-alike domains. If a domain has protection from use by spoofers, they might create a similar domain. For example: “Netflix<netflix@netflics1.com>”

How to Stop Email Spoofing

Between 2013 and 2015, companies lost approximately $1.2 billion to email spoofing. Both Google and Facebook lost $100 million in one spoofing attack. It affects businesses and individuals all the same—so how do we stop it?

There are a few things you can do if you’ve responded to a phishing scam or clicked on a link. If a scammer obtained your personal and sensitive information, go to IdentityTheft.gov. Follow the instructions based on which information you provided to a scammer. They’ll create a personalized recovery plan to get back in control of your data. You should also report the spoofing to the Anti-Phishing Working Group. Forward the email to reportphishing@apwg.org and report it to the FTC at FTC.gov/complaint.

Another step you can take is to run a scan of your computer. This will determine if a link or email downloaded a virus, worm, or malware. You may need to purge the computer or network server if it’s recoverable and may want to upgrade your security software.

How to Prevent Email Spoofing

Recovering from a spoofing attack is a lot harder than preventing one. Spam filters are useful in separating or blocking spoofed emails but scammers will continue to find ways around these filters. Extra protection and awareness are always beneficial. 

There are several ways to avoid falling victim beyond automatic filters. Here’s how to prevent spoofing:

• Use security software that prevents the download of malware and viruses. 
• Use SPF, DKIM, and DMARC email security standards to protect your domain from spoofing. Will also protect others from using your domain to spoof others. 
• Set software to update automatically, even on your phone
• Use multi-factor authentication. Even if they get your username and password, there  will be an extra layer of protection.
• Backup your data. Set it to back up automatically.
• Copy sensitive files such as tax documents to an external hard drive. Then remove them from the main computer.
• Train employees to recognize the signs of spoofing and how to test headers.
• Use email signing certificates.
• Set up authenticated emails with a transactional email service.
• Use filtering and monitoring software. This is especially helpful for businesses and schools with many connected devices.

Stop Email Spoofing

Email spoofing is incredibly dangerous. It threatens the security of our personal information and financial details. Tens of thousands of people fall prey to it every day. Don’t be a victim of phishing—protect yourself by spotting scams before you click and improve your online security.

GoGuardian filtering and monitoring software protects thousands of students and schools from malware and phishing. Learn more about filtering and monitoring software from GoGuardian.