Like me, you are probably overwhelmed with the number of emails you receive each day and you could be excused for not looking at them all closely. But not taking this seriously can be a huge risk to your business. Keep reading to learn more about email spoofing and how you can avoid it.
Spoofing is when a scammer impersonates a person or company known to you. Since they are known to you, the bad guy assumes that you will let your guard down and potentially open an attachment or click on a link that you shouldn’t.
The email will usually look convincing and the would-be attacker may also try to mimic the sender’s style. So stay alert; otherwise you could be opening a large security hole that the scammer can walk right through!
There are several signs to look for to identify a spoof email. First, you will need to check the email header information.
To view headers:
- In Outlook, open the email you want to check, and then click File > Properties. Then look in the Internet Headers section.
- In Gmail, open the email you want to check. Next to Reply, click the three dots and choose “Show Original”.
- In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
Check to see:
- that the “from” email address matches the correct name of the person displayed as the sender;
- that the “reply-to” address is the same as the sender or the site that the email purports to be from;
- that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response goes to “Dodgy Hacker”.
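The three checks above can also be run over a message's raw headers (for example, the text copied from Gmail's “Show Original”). The following Python sketch is an added example, not part of the original article; the address book, the sample message and all names in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> address you know to be genuine.
KNOWN_SENDERS = {"john doe": "john.doe@example-corp.test"}

# Constructed sample headers (not from a real message).
SPOOFED = """\
Return-Path: <bounce@mailer-example.test>
From: "John Doe" <john.doe@examp1e-corp.test>
Reply-To: dodgy.hacker@freemail.test
To: you@yourcompany.test
Subject: Urgent: invoice overdue

Please pay today.
"""

def _addr(msg, header):
    """Return the bare, lower-cased address from a header ('' if absent)."""
    return parseaddr(msg.get(header, ""))[1].lower()

def _domain(addr):
    return addr.rpartition("@")[2]

def check_headers(raw, known_senders=KNOWN_SENDERS):
    """Apply the three header checks; return a list of finding codes."""
    msg = message_from_string(raw)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_addr = _addr(msg, "From")
    # With no Reply-To header, replies go to the From address.
    reply_to = _addr(msg, "Reply-To") or from_addr
    return_path = _addr(msg, "Return-Path")

    findings = []
    # 1. Displayed name belongs to a known contact, but the address is not theirs.
    expected = known_senders.get(display_name)
    if expected and expected != from_addr:
        findings.append("from_mismatch")
    # 2. Replies would leave the sender's domain.
    if _domain(reply_to) != _domain(from_addr):
        findings.append("reply_to_mismatch")
    # 3. Return-Path differs from where replies go.
    if return_path and return_path != reply_to:
        findings.append("return_path_mismatch")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SPOOFED):
        print(finding)
```

Newsletters and bulk-mail services often use a separate bounce address in the return-path, so treat a finding as a reason to look more closely rather than as proof of spoofing.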
You also need to look carefully at the content of the message:
- Are you expecting an email from that individual or organisation?
- Look out for spelling or grammatical errors. Does that person normally make mistakes?
- Look at how the person writes. Is it similar to how they normally write?
- Is the email emotional or pressuring you to act quickly? Scammers often rely on urgency or our desire to help; this is one way they trick people into clicking on links or opening attachments.
If you are not sure about an email’s legitimacy, ring the person or company involved. It is better to think and take some time, rather than responding quickly and then regretting it later!
If you are still worried, contact our IT experts to check your current email filtering and, if needed, provide some staff training to avoid malware infection.