Email spooﬁng occurs when a message appears to be sent from someone you know but is actually sent from a cybercriminal. Some of the most common spoofed emails appear to come from someone you know and ask you to perform a ﬁnancial transaction for them. These transactions can include:
- Changing banking information
- Buying gift cards
- Mailing checks.
Spooﬁng is easy to do and almost impossible to prevent. It can be as simple as placing a false return address on an envelope when you mail something through the U.S. Postal Service. In this example, the letter would appear to be sent from the spoofed return address printed on the envelope.
When someone spoofs an email address, the email account often remains secure. However, you may begin to see undeliverable messages and unusual emails in your inbox. This is because the hackers are routing messages to your email address.
Identify a Spoofed Email
Vigilance in identifying suspicious messages is the most effective protection against these types of attacks. A primary indicator of a spoofed message is when the known sending email address is different than the email address in the "reply to" ﬁeld. This "reply to" address is most often a firstname.lastname@example.org address created by the attacker. Visit duq.edu/phishing to learn more about identifying characteristics of phishing and spoofing emails.
If you believe you have received a suspicious message or you experience any suspicious activity with your email account, contact the CTS Help Desk at 412.396.4357 or email@example.com.