Email spoofing, what is it?

I received a threatening message from my own email address! Is this real? How did they do it? Should I be worried?

These types of emails are unfortunately commonplace in today’s world. We get at least one call a day about these types of emails. So how do they do it? Every email that is sent has two different types of “from” addresses, there is the address you see in your email and the “actual” email address that was used to send the email. 98% of the time these people have not accessed your email account but “spoofed” it. Spoofing is a technique used maliciously to send an email appearing to be another person from a different email account. The sender masks the “actual” account used to send the email using a variety of technical tools. The easiest way to explain it is if someone was to send a letter to you with your own return address listed. The post office allows them to send the mail because there is no identification required to list your address as a return address.

You will notice if you are using a premium email service such as Microsoft Exchange the majority of these emails will be delivered to your junk mail folder because the back end system has identified the “spoofing” technique used.

There are other instances of spoofing such as emails that appear to come from someone else inside the company or emails that appear to come from a customer, but they did not send them. These types of emails are especially worrisome because they often include instructions to transfer funds or purchase pre-paid and untraceable debit cards.

There are tools available now that can limit and prohibit these types of spoofing. There are now backend tools available to help verify that force validation of both the actual and display from addresses. These validation tools are relatively inexpensive to implement and effective at eliminating the majority of these types of attacks. Contact us today for information on how to protect your company.