What is Email Spoofing?
Email spooﬁng occurs when a message appears to be sent from someone you know but is actually sent from a malicious attacker. Some of the most common spooﬁng emails come from someone you know asking you to perform some ﬁnancial transaction for them. These transactions can include:
- Changing banking information
- Buying gift cards
- Mailing checks.
Spooﬁng is very easy to do and almost impossible to prevent. For example, spooﬁng is as simple as placing a false return address on an envelope when you mail something via the U.S Postal Service. In this example, the letter would appear to be sent from the spoofed return address printed on the envelope.
When someone spoofs an email address, the email account remains secure in most cases. However, you may begin to see undeliverable messages and unusual emails in your inbox. This is because the hackers are routing messages to your email address.
How to Identify a Spoofed Email
Vigilance in identifying suspicious messages is the most effective protection against these types of attacks. A primary indicator of a spoofed message is when the known sending email address is different than the email address in the "reply to" ﬁeld. This "reply to" address is most often a firstname.lastname@example.org address created by the attacker. Visit duq.edu/phishing to learn more about identifying characteristics of phishing and spoofing emails.
If you believe you have received a suspicious message or you experience any suspicious activity with your email account, contact the CTS Help Desk at 412.396.4357 or email@example.com.