Spoofing means to deceive, hoax, or trick. In the IT world, spoofing is a tactic hackers and cyber criminals use to trick computer users into divulging sensitive information like passwords, usernames or even credit card numbers. The most common method of spoofing someone is through email. In a spoofed email, the sender impersonates a person, organization, or company.
Most people know what a spam or a phishing email looks like because we constantly hear or read about new email attacks. However, attackers are getting clever and changing the ways they send spam. Attackers, phishers, and spammers are spoofing your email address.
There’s a chance that a spam email could end up in your inbox, and it looks like you sent it!
“From”: Spoofing
With “From: spoofing” emails, spammers can hide the email’s origin, and make it look like you sent the email. From: spoofing means that spammers “fake” the “From:” address on an email to make it look like it came from you. In fact, the email’s return address is your email address.
With From: spoofing, the spammer is spoofing your email address to try and bypass any spam filters and land directly in your inbox.
Why Are You Being Spoofed?
If you’re seeing your email address in the “From:” field of any email you didn’t send, you shouldn’t be alarmed.
There are a few reasons why your email is being spoofed:
- The spammers are trying to spam you directly, and they know that you can’t block your own email address.
- The spammer could be trying to reach someone else. If the spammer tried to email someone else, you could be seeing a bounce message. If the email bounced, that means the email was marked as spam and rejected. Since the email appears to be from you, you’ll received the bounced message in your inbox.
Is Your Account Compromised?
If the spammer states they hacked your account and they’re using the spoof email as proof, they’re lying. They haven’t hacked your account and your emails aren’t compromised. It’s just another one of their tactics to scare and trick you. Spammers don’t need to access your account to create a From: spoofed email, so there’s no need to worry.
To clarify, the spammer used your email address, not your email account. As previously stated, your email account is safe! If you were able to log in and view your email inbox, your account is secure and untouched by the spammer. The spammer is only using your email address as a ploy to get you or your employees’ attention.
Are you wondering how the spammers got your email address in the first place? They could have gotten your email from a devious program or piece of software that searches the internet for email addresses…or they could have gotten it from your company website. There are numerous ways for a spammer to obtain your address, and unfortunately there’s nothing you can do to stop them.
Speak Up
When it comes to emails, or anything on the internet, you can’t always believe what you read. If you see something suspicious, speak up! Notify your employees to closely examine all emails they receive, especially any new emails from you. Have a system in place to alert everyone in the company about any spoofed emails or phishing scams, Word of mouth travels fast, and by speaking up you can avoid any potential threats to your company.
Most email service providers will mark suspicious emails as spam. If you’re one of our Office 365 clients, there will be a display banner along the top of any suspicious emails stating: “This sender failed our fraud detection checks and may not be who they appear to be.”
If you have any questions, your interested in learning more about Office 365, or you’re worried about your security, contact us today!