{"id":6982,"date":"2021-06-07T13:24:08","date_gmt":"2021-06-07T11:24:08","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=6982"},"modified":"2021-06-07T13:24:10","modified_gmt":"2021-06-07T11:24:10","slug":"what-is-email-spoofing","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/what-is-email-spoofing\/","title":{"rendered":"What is email spoofing?"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h2 class=\"wp-block-heading\"><strong>Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.\u00a0<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/loshin_peter.jpg\" alt=\"Peter Loshin\"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Peter-Loshin?_gl=1*1bx4hb7*_ga*MzY0MzYwNTA5LjE2MjMwNjQ1NTg.*_ga_RRBYR9CGB9*MTYyMzA2NDU1Ny4xLjAuMTYyMzA2NDU1Ny4w&amp;_ga=2.223996635.198518423.1623064558-364360509.1623064558\">Peter Loshin<\/a><\/p>\n\n\n\n<p>Email spoofing is a popular tactic used in\u00a0phishing\u00a0and\u00a0spam\u00a0campaigns because people are more likely to open an email when they think it has been sent by a known sender. The goal of email spoofing is to trick recipients into opening or responding to the message.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Why email spoofing is important<\/strong><\/h3>\n\n\n\n<p>Although most spoofed emails can be easily detected and can be remedied by simply deleting the message, some varieties can cause serious problems and pose security risks. For example, a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data, such as a password or credit card number.<\/p>\n\n\n\n<p>Alternatively, a spoofed email may include a link that installs malware on the user&#8217;s device if clicked. A common\u00a0example of business email compromise\u00a0(BEC) involves spoofing emails from the chief executive officer (CEO) or chief financial officer (CFO) of a company requesting a wire transfer or internal system access credentials.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Reasons for email spoofing<\/strong><\/h3>\n\n\n\n<p>In addition to phishing, attackers use spoofed email for the following reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Hide the fake sender&#8217;s real identity.<\/li><li>Bypass spam filters and blocklists. Users can minimize this threat by blocklisting internet service providers (ISPs) and\u00a0Internet Protocol (IP) addresses.<\/li><li>Pretend to be a trusted individual &#8212; a colleague or a friend &#8212; to elicit confidential information.<\/li><li>Pretend to be a reliable organization &#8212; for example, posing as a financial firm to get access to credit card data.<\/li><li>Commit\u00a0identity theft\u00a0by impersonating a targeted victim and requesting personally identifiable information (PII).<\/li><li>Damage the sender&#8217;s reputation.<\/li><li>Launch and spread malware hidden in attachments.<\/li><li>Conduct a\u00a0man-in-the-middle (MitM) attack\u00a0to seize sensitive data from individuals and organizations.<\/li><li>Obtain access to sensitive data collected by third-party vendors.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What&#8217;s the difference between phishing, spoofing and domain impersonation?<\/strong><\/h3>\n\n\n\n<p>Cybercriminals often use spoofing as part of a phishing attack. Phishing is a method used to obtain data by faking an email address and sending an email that looks like it is coming from a trusted source that could reasonably ask for such information. The goal is to make victims click on a link or download an attachment that will install malware on their system.<\/p>\n\n\n\n<p>Spoofing is also related to domain impersonation, in which an email address that is similar to another email address is used. In domain impersonation, an email may come from an address such as&nbsp;customerservice@amaz0n.co, while, in a spoofing attack, the fake sender&#8217;s address will look genuine, such as&nbsp;customerservice@amazon.com.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How email spoofing works<\/h3>\n\n\n\n<p>Email spoofing can be easily achieved with a working Simple Mail Transfer Protocol (SMTP) server and common email platform, such as Outlook or Gmail. Once an email message is composed, the scammer can forge fields found within the message header, such as the FROM, REPLY-TO and RETURN-PATH addresses. When the recipient gets the email, it appears to come from the forged address.<\/p>\n\n\n\n<p>This is possible to execute because SMTP does not provide a way to authenticate addresses. Although protocols and methods have been developed to combat email spoofing, adoption of those methods has been slow.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"What is Email Spoofing? Spoofing Email Explained\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/qdp_ormFCu8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to tell if an email has been spoofed<\/strong><\/h3>\n\n\n\n<p>If a spoofed email does not appear to be suspicious to users, it likely will go undetected. However, if users do sense something is wrong, they can open and inspect the email source code. Here, the recipients can find the originating IP address of the email and trace it back to the real sender.<\/p>\n\n\n\n<p>Users can also confirm whether a message has passed a Sender Policy Framework (SPF) check. SPF is an authentication protocol included in many email platforms and email security products. Depending on users&#8217; email setup, messages that are classified as &#8220;soft fail&#8221; may still arrive in their inbox. A soft fail result can often point to an illegitimate sender.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"575\" height=\"660\" src=\"https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/06\/In-display-name-spoofing-a-hacker-forges-a-recognizable-display-name.png\" alt=\"In display name spoofing, a hacker forges a recognizable display name\" class=\"wp-image-6983\" srcset=\"https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/06\/In-display-name-spoofing-a-hacker-forges-a-recognizable-display-name.png 575w, https:\/\/tekmart.co.za\/t-blog\/wp-content\/uploads\/2021\/06\/In-display-name-spoofing-a-hacker-forges-a-recognizable-display-name-261x300.png 261w\" sizes=\"(max-width: 575px) 100vw, 575px\" \/><figcaption>In display name spoofing, a hacker forges a recognizable display name.<\/figcaption><\/figure>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>9 best ways to stop email spoofing<\/strong><\/h1>\n\n\n\n<p>Users and businesses can prevent email spoofers from accessing their systems in a variety of ways.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Deploy an email security gateway<\/strong><\/h4>\n\n\n\n<p>Email security gateways protect businesses by blocking inbound and outbound emails that have suspicious elements or do not meet security policies a business puts in place. Some\u00a0gateways offer additional functions, but all can detect most malware, spam and phishing attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2. Use antimalware software<\/strong><\/h4>\n\n\n\n<p>Software programs can identify and block suspicious websites, detect spoofing attacks and stop fraudulent emails before they reach user inboxes.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>3. Use encryption to protect emails<\/strong><\/h4>\n\n\n\n<p>An email signing certificate encrypts emails, allowing only the intended recipient to access the content. In asymmetric encryption, a public key encrypts the email, and a private key owned by the recipient then decrypts the message. An additional digital signature can ensure the receiver that the sender is a valid source. In environments without broad encryption in place, users can\u00a0learn to encrypt email attachments.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>4. Use email security protocols<\/strong><\/h4>\n\n\n\n<p>Infrastructure-based\u00a0email security protocols can reduce threats and spam\u00a0by using domain authentication. In addition to SMTP and SPF, businesses can use DomainKeys Identified Mail (DKIM) to provide another layer of security with a digital signature. Domain-based Message Authentication, Reporting and Conformance (DMARC) can also be implemented to define the actions that should be taken when messages fail under SPF and DKIM.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>5. Use reverse IP lookups to authenticate senders<\/strong><\/h4>\n\n\n\n<p>A reverse IP lookup confirms the apparent sender is the real one and verifies the email&#8217;s source by identifying the domain name associated with the IP address.<\/p>\n\n\n\n<p>Website owners can also consider publishing a domain name system (DNS) record stating who can send emails on their domain&#8217;s behalf. Messages are then inspected before the email body is downloaded and can be rejected before causing any harm.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>6. Train employees in cyber awareness<\/strong><\/h4>\n\n\n\n<p>On top of software-based anti-spoofing measures, businesses must encourage user caution,\u00a0teaching employees about cybersecurity\u00a0and how to recognize suspicious elements and protect themselves. Simple educational programs can equip users with email spoofing examples and give them the ability to spot and handle spoofing tactics, along with procedures to follow when a spoofing attempt is discovered.\u00a0Training should be ongoing\u00a0so that the materials and methods can be updated as new threats emerge.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>7. Watch out for possible spoofed email addresses<\/strong><\/h4>\n\n\n\n<p>The email addresses users communicate with are often predictable and familiar. Individuals can learn to watch out for unknown or odd email addresses and to verify an email&#8217;s origin before interacting with it. Attackers often use the same tactics multiple times, so users must remain vigilant.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>8. Never give out personal information<\/strong><\/h4>\n\n\n\n<p>In many situations, even if spoofed emails get into an inbox, they only cause real damage when a user responds with personal information. By making it a common practice never to divulge personal information in emails, users can significantly limit the effects email spoofing could have.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>9. Avoid strange attachments or unfamiliar links<\/strong><\/h4>\n\n\n\n<p>Users should also steer clear of suspicious attachments and links. As a best practice, they can examine every element of an email, looking out for telltale signs, like misspellings and unfamiliar file extensions, before going ahead and opening a link or attachment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.\u00a0 By Peter Loshin Email spoofing is a popular tactic used in\u00a0phishing\u00a0and\u00a0spam\u00a0campaigns because people are more likely to open an email when they think it has been sent by a known sender.<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/what-is-email-spoofing\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,128,30,54,9,224],"tags":[],"class_list":["post-6982","post","type-post","status-publish","format-standard","hentry","category-datacenter-news","category-email-and-messaging-threats","category-expert-advise-and-opinion","category-hackers-and-cybercrime-prevention","category-tech-definitions","category-technical-explanations"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=6982"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6982\/revisions"}],"predecessor-version":[{"id":6984,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6982\/revisions\/6984"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=6982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=6982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=6982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}