Email Spoofing: What You Need To Know


Email spoofing is one of the most common techniques that cyber criminals use. Email spoofing happens every day and, thanks to your email's spam filter, you may not even realize that it is happening to you. So what is email spoofing? Why are cyber criminals doing it? Most importantly, how do you keep it from affecting your day-to-day life?

 

What Is Email Spoofing?

Email spoofing is when a cyber criminal creates an email header in the hopes that you will think it comes from someone that you trust. If you think the email is coming from someone that you trust then you are more likely to "rescue" it from the spam folder and open it. Since most email programs don't have built-in methods of authentication, this is more commonplace than you might imagine.

How Does It Work?

So how is it done? We touched on it briefly, but email spoofing really depends on the openness of email protocols. The most common protocol for email servers is called Simple Mail Transfer Protocol (SMTP), and it's how the majority of the email servers in the world operate. This type of protocol doesn't have a way to check that the email addresses people are sending from are legitimate email addresses. And while there have been other protocols developed to fight email spoofing, it's been slow going to get them adopted by major companies.

When you see an email that comes from an email address that looks like it could be right, you are more likely to open it. For example, you may receive an email that appears to come from a large business and open it automatically. This type of spoofing is one of the most common. We all recognize big brands so we tend to think that an email from them would be safe.

Why Spoof Email Addresses?

So why are cyber criminals spoofing email addresses? What could they hope to accomplish using such underhanded methods? One of the reasons is to hide their true identity. There are other ways of doing this, but spoofing email addresses allows people to use multiple email addresses at a time to create multiple identities.

Avoiding Spam Blacklists

Another reason to spoof email addresses is to avoid spam blacklists. When you get an email from that Nigerian prince who wants to pay you to hold on to his half million in USD, you know to push that spam button and make sure that you don't get another email from him. Well, the scammer who is running this scheme is more than likely using email spoofing. This allows them to change email addresses as quickly as you can push them into the spam category. This means that they are able to cast a wider net to catch their prey.

 

Someone You Used to Know

Well, what if you get an email from someone you think you know? I know I have a very common name and I have been asked by my family and friends if I sent them an email recently. Usually, the answer is no. But scammers will use common names to try and pretend to be someone you know. They are trying to trick you into giving them sensitive information such as birthdates and passwords or access to personal accounts.

 

Business Ties

Another way that a scammer will use a spoofed email address is to pretend to be a business that you have a relationship with. The big box retail companies are a normal target for this sort of spam. Cyber criminals know that if you see an email from a large business that you have everyday ties to, you are going to open it, especially if it promises something free!

 

Derogatory Statements

Have you ever gotten one of those crazy political emails that just slings mud all over one of the candidates? Then you go in and look at the sender and realize that it didn't come from any of the affiliated groups? This is another way that scammers will try to get you to open and respond to a spam email. They try to ruin the reputation of the sender or someone affiliated with the sender. 

Ultimate Goal

No matter what the reasons or the methods that email spoofers have, their ultimate goal is the same. They want you to open the email and respond to it. Once you have opened the email, it will send a notification back to the sender to let them know that the email address that they are sending to is a good one. That way they are able to send more emails to that same address and know that the probability of the email being received is higher. If you respond to them, you have given them a victory. Now they have a fool-proof way to contact you and they are going to try to exploit it.

You Can Put a Stop to It

So what can you do to stop them? One of the easiest ways that you can prevent your inbox from being inundated with spoofed emails is to have your email set up with a good spam filter. Luckily most email clients already come with one. Google and Microsoft both have some great spam filters and are routinely updating theirs to account for changes in the way the cyber criminals attack. 

Another easy way to make sure that you are not being spoofed is to make sure that you are running a good antivirus program. You don't have to spend a whole lot of money to have good virus protection. There are plenty of affordable antivirus programs that can and will do a superior job making sure that nothing gets through to you. 

Frameworks to Protect Your Business

As a business owner there are more steps that you can take to help eliminate the spoofing that your employees and users see. Today there are several frameworks that have been developed to try and slow the spoofing down. These frameworks are not designed to prevent spam, rather they are designed to prevent unauthorized access to the users' email addresses.

Sender Policy Framework

Sender Policy Framework (SPF) is one such authentication method. SPF checks whether the IP address where the email is coming from is authorized to send mail from the domain. Basically, it asks the sending domain whether this address belongs to it. If the domain gives a positive answer, the email goes through. This requires the receiving server to do a lot of extra authentication work and also hinges on the sending server having accurate information. It can lead to false positives and you can still get some spam through.

 

DomainKeys Identified Mail

DomainKeys Identified Mail (DKIM) is another type of framework that is being used to authenticate good email addresses. This method uses a pair of cryptographic keys, kind of like a secret handshake, to sign outgoing messages and validate incoming ones. Those that don't have the right secret handshake are either sent to spam or disregarded altogether. There is a backdoor to this system, however. Since the only messages that get the keys are the original ones being sent, forwarded messages can still be sent to anyone without breaking the cryptographic key.

 

Domain-Based Message Authentication, Reporting and Conformance

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is another way that companies are cracking down on spoofing and spam. This gives the sender the option to let the receiver know that the email is being protected by one of the other frameworks, such as SPF and DKIM. This lets the receiver decide what to do with the email when the message fails authentication. This is the latest framework and is not being used widely yet.
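How a receiver applies the sender's published DMARC policy, as an added example that is not part of the original article. The message, domains, DMARC record and `TRUSTED_AUTHSERV` value are constructed placeholders, and the example uses strict alignment (the authenticated domain must exactly match the From: domain).

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumed: our own receiving server's id

# Constructed message: SPF and DKIM pass, but for the sender's own domain,
# not for the domain shown to the user in the From: header.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=pass header.d=bulk-sender.example
From: "Big Retailer" <offers@retailer.example>
To: user@receiver.example
Subject: Free gift card

Claim your gift card today.
"""
# Constructed DMARC record, as published in DNS at _dmarc.retailer.example.
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@retailer.example"

def auth_results(msg):
    """Yield (method, result, domain) from headers stamped by our own server."""
    for header in msg.get_all("Authentication-Results", []):
        clauses = " ".join(str(header).split()).split(";")
        if clauses[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header; ignore copies we did not write
        for clause in clauses[1:]:
            method = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            ident = re.search(r"\b(?:smtp\.mailfrom|header\.d)=(\S+)", clause)
            if method and ident:
                domain = ident.group(1).rpartition("@")[2].lower()
                yield method.group(1), method.group(2).lower(), domain

def dmarc_policy(record):
    """Return the p= tag of a DMARC record, or "none" if it is not one."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none").lower() if tags.get("v") == "DMARC1" else "none"

def dmarc_disposition(raw_message, dmarc_record):
    """Decide what a receiver does with the message: deliver/quarantine/reject."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Strict alignment: the authenticated domain must equal the From: domain.
    if any(result == "pass" and domain == from_domain
           for _, result, domain in auth_results(msg)):
        return "deliver"
    policy = dmarc_policy(dmarc_record)
    return policy if policy in ("quarantine", "reject") else "deliver"
```

The sample message passes both SPF and DKIM on their own, yet is rejected, because neither result vouches for the domain the reader actually sees in the From: line.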

Protecting yourself and your company from email spoofing is essential to keep your information safe. The main goal of a cyber criminal who launches a spoofing attack is for the user to respond to the email. Remember to always double check the sender's address. This is the best way of making sure that their attack is not successful.