How to Spot Email Spoofing
The number of emails we get daily can be overwhelming. We could be excused for not looking at them all closely – well, almost. Except that not taking care to review emails for signs of spoofing could be a real risk to your business. Learn about email spoofing and how to avoid it in this article.
First, what is email spoofing? Don’t confuse this with the foreign prince’s plea for money. Email spoofing is much more nuanced; it’s still a cyber bad guy at work. They try to get you to download malware, enter personal credentials, or give money. Yet now they are mimicking a reputable company or source of an email. The email will, at a hurried glance, appear to be legitimate, and that’s how it works. The spoofer takes advantage of our lack of attention to accomplish their aim.
With email spoofing, the scammer tries to trick you into thinking they are a source you recognize. This might be a supervisor, a colleague, a vendor, or some other entity you work with regularly. Their goal is to get you to take an action you would not otherwise do.
The email will usually look convincing. The would-be attacker will duplicate design elements and mimic the sender’s style. So, you need to be aware.
How to Identify Email Spoofing
There are several signs to look for to identify a spoof email. First, you’ll want to check the email header information. This is a good place to look for tracking information about the message.
To view headers:
- In Gmail, open the email you want to check headers for. Next to Reply, click the three dots and choose “Show Original”.
- In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
- In Outlook, open the email you want to check, and then click File > Properties.
Check to see:
- if the “from” email address matches the name of the person displayed as the sender;
- that the “reply-to” address is the same as the sender or the site that the email purports to be from;
- that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response will go to “Scammy McScammer”.
The email header is a good starting point, but you’ll also want to ask yourself about the content of the message. If you weren’t expecting a message from that individual or organization, think twice. Also, look out for spelling or grammatical errors. A difficult-to-read message could indicate an unsolicited email from someone with a limited grasp of English.
If the email is pressuring you to act quickly or making an emotional plea for you to do something, be wary. Scammers often rely on urgency or our desire to help. That’s how they trick people into clicking on links or open attachments.
Better Safe Than Sorry
If you aren’t sure about an email’s legitimacy, slow down. Before you act, go to your contact list and send a direct message to that sender’s address to confirm the request. Or call the sender or company the sender apparently represents to verify that the email is a real one.
A managed service provider (MSP) can help you better manage email safety. Ask our IT experts to help set up email filtering and monitoring to avoid malware infection. Learn more today at 508-617-1310.