Spoofing in layman terms is the imitation and manipulation of information or the impersonation of individuals with a motive to outwit others. The sole objective of spoofing is to deceive individuals while aiming for either monetary gains or non-monetary profits of similar worth. Netizens i.e. the citizens of the internet have been steadily noticing incline in the rates of cybercrimes and frauds. Many social engineering attacks have been devised and upgraded regularly by hackers and fraudsters who are on the prowl for innocent users to trick them, invest their devices and gradually steal from them.
Considering spoofing is nothing new, there are many different types of spoofing techniques used by scammers on various mediums, both on and off the internet. One such spoofing tactic is e-mail spoofing. Here the fraudster chooses e-mail as his medium of contact with target as people tend not to overlook emails sent from legitimate sources.
Within e-mail spoofing there are two major roles in action, a sender who sends the e-mail and a receiver who receives the email. To e-mail spoof the receiver, the sender (fraudster) manipulates the header of the email in order to make it look like it’s from a particular source or origin. The basic purpose of forging the header is to make the e-mail more believable and convincing to the reader. For instance, if an e-mail sent to you looks like it’s from a popular shopping website which is writing to you for special coupon redemption or seasonal sale discount, there is a definite chance of the email being spoofed. How? Well, the very next step in the process would be requesting your credit/debit card details for initiating the process.
E-mail spoofing doesn’t only serve the purpose of leaking financial details to the scammers but also assists them in spreading disastrous malware and spyware on to your system, making all your files vulnerable to attacks and exploitation by providing your system’s access to hackers.
As a relief, it is actually possible to check if the e-mail you received is spoofed. For different e-mail platforms there are varying methods. For example if you use Gmail, it is pretty simple to check who the actual sender of the e-mail is.
In order to check for original sender, follow the following steps.
- Open the email you suspect and look for the options of the e-mail. The icon usually looks like 3 vertical dots.
- Now choose ‘show original’ from the options listed.
- Once you click this, you will be directed to a page with all the technical information of the e-mail but note that all of it isn’t necessary for your purpose.
- Look for domain name and IP address in the “Received” field and the validation results in the Received-SPF field.
- Once you locate these, you can see the original email source of the spoofed email along with the sender’s IP address.
- In the Received-SPF (sender policy framework) field, look for the words ‘does not designate as permitted sender’ if you see this statement, it’s confirmed that the email is spoofed.
- At the same time if it says, ‘designates as permitted sender’ then the email is original.
- Also ensure that the options of DMARC (Domain-based Message Authentication, Reporting, and Conformance), DKIM (DomainKeys Identified Mail), and SPF (senders’ policy framework) are set to pass instead of fail/softfail. Pass signifies original and fail/softfail signifies spoofed.
How to Avoid Getting Spoofed
- Do not believe in any given header or name immediately.
- Read the e-mail carefully and never click on any links or attachments sent.
- Do not download or run any sent file.
- Look for errors in grammar and spellings of the email.
- Do not provide personal information. Be it credit information or personal life details, do not share.
- Do not rush on finding tones of urgency or risk in the e-mail’s content or subject.
- Do not believe in offers, discounts, free trips, rewards etc. Also do not fall for emails that warn you that your social security is at risk and requires immediate action.
- Do not share credit/debit card information or bank account details to anyone on e-mail or any platform even if they claim to be from your bank.
- Set your mail’s spam levels to high.
- Install antivirus software to notify you if there is anything going on in the background that could cause further damage.
Using simple precautions and keeping an alert mind, it is easy to avoid getting spoofed by e-mails. Keeping yourself updated with latest social engineering innovations and upgrades is helpful to be aware of all the ways you can be targeted for scamming and dodge all such attacks.