Email spoofing is a technique used by a sender to forge an email address to make it look like a legitimate one, which usually belongs to a popular entity. People are more likely to open an email that is sent from a respected authority. Hackers try to copy email addresses of government offices, banks, big enterprises and insurance companies to send emails to unsuspecting people that demand confidential information such as bank account details, passwords, PINs, among others. Besides, the email can also include a malware link.
Hackers use email spoofing in phishing attacks or to spam the user. The goal is simple: to make the user open the email and respond to a malicious request.
How does email spoofing work?
Emails work on Simple Mail Transfer Protocol (SMTP), which does not have any sender authentication mechanism. In any email software, the spammer can change header fields such as the From, Reply-to and Return-path address (bounce address). The Return-path address is not usually visible to the receiver. The From field contains the forged email address, and the Return-path is the real address of the hacker. The user, by responding, sends the email back to the hacker.
In addition to the above, the hackers buy domain names resembling that of the company. For example, Candid.Technology is a legitimate address. However, a fake address might look like Candid.Techn0logy.
How to protect oneself from email spoofing?
There is not much one can do to counter spoofing. However, a user can try the following methods for protection.
- Using common sense: Nothing is free. If a user receives an email promising some great reward in return for, say, the bank account number, ignoring the email is the best option.
- Keeping anti-malware software up to date: Regularly updating the software keeps the user safe from malware tactics.
- Not opening links: Malicious links are the main source from which the hacker can gain information. Clicking on these is not safe and should be avoided.
- Not entering sensitive information on untrusted sources: Usually, the users enter their personal details, knowingly or unknowingly, on unauthorised platforms. Hackers can gain information from there and misuse it or sell it on dark web markets to gain profits.
- Not sharing personal information by email: A legitimate enterprise never asks about personal information via email. So, a user should always keep that in mind.
- Changing passwords frequently: This is a simple and most effective way to secure one’s account.
- Getting acquainted with email headers: Email headers are the area where the whole game is being played. A user should always check the sender’s address and match it with the Reply-to address or the Return-path address.
- Implementing DKIM function within the email: DKIM (DomainKeys Identified Mail) allows the user to check whether the owner of the domain authorised the email or not. In a secure and legit mail, a DKIM signature is added to the header.
- Avoiding the use of primary email everywhere: A user should have at least two email addresses. While signing up for a mailing list or an offer, the secondary email can be used.
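The header check and the DKIM check from the list above can be automated. The following Python sketch is an added example, not part of the original article: the sample message is constructed, and the function names `domain_of` and `check_headers` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not real traffic): the From address looks
# legitimate, but Reply-To and Return-Path point somewhere else.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Candid Support" <support@candid.technology>
Reply-To: <helpdesk@candid.techn0logy>
To: user@example.org
Subject: Verify your account
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=sel1; h=from:to:subject; bh=AAAA; b=BBBB

Please confirm your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return a list of findings about sender-header mismatches."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Compare the visible From domain with the reply and bounce domains.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Presence and d= tag only; this does NOT verify the signature itself.
    sig = msg["DKIM-Signature"]
    if sig is None:
        findings.append("no DKIM-Signature header")
    else:
        m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
        d = m.group(1).lower() if m else ""
        if d != from_dom and not from_dom.endswith("." + d):
            findings.append(f"DKIM d={d} does not match From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print(finding)
```

A finding is a reason to look closer, not proof of spoofing: mailing services legitimately use a different Return-path, and only the receiving mail server's cryptographic DKIM verification shows that a signature is valid.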