Email spoofing
Email spoofing is a fraudulent email activity hiding email origins. The act of e-mail spoofing occurs when imposters are able to deliver emails by altering emails’ sender information. Although this is usually done by spammers and through phishing emails for advertising purposes, email spoofing can have malicious motives such as virus spreading or attempts to gain personal banking information.
Simple Mail Transfer Protocol (SMTP) does not provide any type of authentication process for persons sending emails. Yet, it is the primary email system for most people, facilitating email spoofing. Now a days, most email servers can provide further security. Also many digital software vendors have created products remedying this problem.
Anything that I can do?
If you don’t believe that an email is truthful or that the sender is legitimate, don’t click on the link and type your email address. If there is a file attachment, don’t open it lest it contains a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.
Examples of properties that can be spoofed include:
- FROM name/address
- REPLY-TO name/address
- RETURN-PATH address
- SOURCE IP address
The first three properties can be easily altered by using settings in Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth property, the IP address, can also be altered but doing so requires sophisticated user knowledge to make a false IP address convincing