Spotting a Spoof Email
Spoof films are simply parody movies – they take a popular film and imitate it with exaggeration for comic effect. Think Airplane!, Spaceballs, Johnny English or Scary Movie.
Just as they rely on the audience understanding the cliches and references they play on to make you laugh, spoofing emails rely on you to recognise the person or organisation the email pretends to be from. However, in this case, it’s not to make you laugh but to get you to do something like click on a link, send money or download a file.
Spoofing is used by cybercriminals to dupe you into trusting them. Here’s how to avoid spoofing emails.
What is email spoofing?
With email spoofing, the sender imitates a reputable company or another source you trust. At first glance, the mail appears to be legitimate. It might seem to come from your boss, a colleague, a supplier, a financial institution or a government department. The sender will take care to duplicate design elements and mimic the person or organisation’s style.
This is why it’s important to carefully scrutinise emails that require any action from you before trusting them.
Signs to help with spotting spoof emails
There are several signs that can help you to identify spoof emails. First, look carefully at the email header information. The header carries the sender and routing details for the message, so it is a good place to start.
Headers:
- Gmail: Open the email. Next to Reply, click the three dots and choose “Show Original”.
- Apple Mail: Open the email. Click View > Message > All Headers.
- Outlook: Open the email you want to check. Click File > Properties.
The first thing to check is that the “from” address matches the sender’s display name (e.g. if the mail display name is ACME Bank, but the email address is SamScams@hotmail.com, it’s likely a spoof). Then make sure that the reply address is the same as the sender’s address. Also, check that the return path is the same as the reply address.
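The three header checks above can also be run over the raw text you get from “Show Original”. The following is an added example, not part of the original article; the `KNOWN_SENDERS` list, the `acmebank.example` domain and the sample message are constructed for illustration, and addresses are compared by domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list: display names you know, mapped to the domain they really use.
KNOWN_SENDERS = {"acme bank": "acmebank.example"}

# Constructed sample message (not a real email), modelled on the ACME Bank case above.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: ACME Bank <SamScams@hotmail.com>
Reply-To: support@acme-bank-help.example.org
To: you@example.com
Subject: Action required on your account

Please submit your documents today.
"""


def domain(addr):
    """Lower-cased part after the last '@' ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_warnings(raw, known_senders=KNOWN_SENDERS):
    """Run the three header checks and return a list of warning strings."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    # With no Reply-To header, replies go to the From address.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1] or from_addr
    return_addr = parseaddr(msg.get("Return-Path", ""))[1]
    found = []

    # 1. Display name claims a known sender, but the address is on another domain.
    expected = known_senders.get(name.strip().lower())
    if expected and domain(from_addr) != expected:
        found.append(f"display name {name!r} does not match address {from_addr}")
    # 2. Replies would go to a different domain than the sender's.
    if domain(reply_addr) != domain(from_addr):
        found.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    # 3. Return path differs from the reply address.
    if return_addr and domain(return_addr) != domain(reply_addr):
        found.append(f"Return-Path {return_addr} differs from reply address {reply_addr}")
    return found


if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print("WARNING:", warning)
```

Newsletters and mailing services often use a separate bounce address as the return path, so a warning here is a reason to look closer rather than proof of a spoof.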
Content:
After checking the header, take a good look at the content of the email. Were you expecting an email from this person or organisation? For example, if there’s an email from ACME Bank saying you need to submit some official documentation for your account, but you don’t have an account with that bank, it’s likely a scam.
It’s also worth checking the tone, spelling, grammar and visuals in the email. Does it sound “right”? If it’s meant to come from your colleague, but it doesn’t read the way they would normally write, or it comes across as though it has been written by someone who usually uses a different language, be wary.
Carefully consider any calls to action. If an email pressures you to act quickly or plays on your emotions, be careful. Scammers use urgency or emotion to get people to click on dodgy links or download dangerous attachments.
If you’re not sure, ask
If you can’t be certain an email is legit, call the supposed sender or organisation to check. If you’re still unsure, speak to your IT department or partner.
As a Managed IT Services Provider, Numata works with our clients to protect them and their reputation from cybercriminals by starting from the inside out to better manage their email safety. We can help with setting up email filtering and monitoring to make sure that spoof emails don’t achieve their aim.
Numata offers a range of cybersecurity services for SMEs to assist your business with developing protection against spoofing, phishing and other mail-related cyber risks. Contact us today for a free consultation.