E-mail Spoofing: How to Detect and Avoid Losing Your E-mail Data

Our email accounts are much more vulnerable than we think. Even with this in mind, a large number of people fall victim every day to attacks that exploit the many weaknesses of email itself. One of these attacks is known as e-mail spoofing, and it is among those that leave the most serious consequences, especially when data theft is involved. Below, we explain in detail what happens in an attack of this type and how to protect ourselves effectively.

Naivety is, in general terms, a human characteristic, and cybercriminals take advantage of it to a great extent. This does not mean that the attackers are robots or anything of the sort. Rather, they think a little further ahead about how people behave in certain situations. A classic example of this type of email attack is a fake email that appears to come from the “president of the company” you work for. Everything looks legitimate, including the sender’s address.

E-mail Spoofing

The content of the email should already seem strange to you: it asks you, with extreme urgency, to make a bank transfer of a certain amount of money to a supposed corporate account in order to pay for a relative’s surgery. Remember that this is just an example and the situation can be of any kind. However, even the situations that seem most outlandish are believed by the victims, who end up yielding to the supposedly urgent transfer request. Thus, without much effort, a simple email is capable of taking money from hundreds or thousands of people.

E-mail Spoofing and its relationship with Phishing

It is good to know that e-mail spoofing acts as a bridge that enables whaling attacks. It is characterized by sending email messages with content or instructions to carry out actions for malicious purposes. The main difference is that the cybercriminal masks their real email address with that of the person being impersonated. It is like having your Gmail account hacked, for example, without you noticing: you send and receive emails with apparent normality.

However, phishing does not use e-mail spoofing only to request fund transfers. The technique also serves the following purposes:

  • Getting the victim to provide personal or financial information under alleged circumstances of urgency, or to log in to a counterfeit bank portal “to confirm data.”
  • Appropriating information related to intellectual property, or classified or restricted-access information.
  • Getting the victim to download malicious files containing malware, ransomware and/or malicious code used to build potential botnets that launch attacks such as DDoS.
  • Getting the victim to click on links in advertisements, banners or photos that redirect to misleading portals.

Many will think it is easy to realize that these types of messages always end badly, that is, in attacks. However, things get complicated when the sender appears to be completely legitimate. Because the victim perceives the sender as legitimate, the victim will do whatever the message content indicates.

The importance of preventing this type of attack

As we have explained, e-mail spoofing has a strong presence in corporate settings. However, we must remember that a large part of the workforce now works from home, which means there are many more opportunities for attack, even more so when employees do not feel strictly supervised by their superiors or the network administrators. It is therefore important to be careful with each email message received, especially if you deal with hundreds of messages on a daily basis. Routine often leads us to carry out certain activities in a hurry, and with the slightest carelessness, problems arise.

If you receive an email with potentially suspicious content, take a couple of minutes and pay attention to the following:

  • The subject of the message: if the subject communicates or implies a certain sense of urgency, or if it is greatly exaggerated, be suspicious.
  • The content: practically the same criteria apply as with the subject. Texts like “You must log into your account as soon as possible to confirm your details” are not a sign of anything good. The best thing you can do is ignore the message and delete it as soon as possible.
  • The sender of the message: when we receive a message, we can see who the sender is. Generally, we pay attention only to the name. However, the email address must also be checked. We will see an example later.

Identifying a potential E-mail Spoofing

If we look at the sender field («From»), we see that the sender is called «Rackspace.com». However, the email address does not belong to the Rackspace domain in question; it belongs to some other domain. Here is an important detail: the sender’s name does not necessarily correspond to the email address. Anyone can pose as the president of an organization with a name like “Tim Cook – Apple CEO” while the email address is an ordinary one, such as a Gmail address.
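The check described above can be automated. The following is an added example, not part of the original article: it parses the «From» header and reports when the display name suggests one organization but the address belongs to another domain. The brand list, the free webmail list, the function name check_from and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; adapt them to your own organization.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
BRANDS = {"rackspace": "rackspace.com", "apple": "apple.com"}

# Something that looks like a domain name inside the display name.
DOMAIN_IN_NAME = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b", re.I)

def check_from(raw_message):
    """Return a list of findings about the From header of a raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # Domains the display name claims, literally or through a brand keyword.
    claimed = {d.lower() for d in DOMAIN_IN_NAME.findall(name)}
    claimed |= {dom for brand, dom in BRANDS.items() if brand in name.lower()}

    findings = []
    for c in sorted(claimed):
        # Accept the claimed domain itself and its subdomains only.
        if domain != c and not domain.endswith("." + c):
            findings.append(f"display name suggests {c} but address domain is {domain}")
    if claimed and domain in FREEMAIL:
        findings.append(f"organizational display name sent from free webmail domain {domain}")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "Rackspace.com" <support@mail-notify.example>\nSubject: Quarantined messages\n\nbody',
    'From: "Tim Cook - Apple CEO" <tim.cook.ceo@gmail.com>\nSubject: Urgent transfer\n\nbody',
    'From: "Rackspace Support" <support@rackspace.com>\nSubject: Ticket update\n\nbody',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_from(raw) or "no mismatch found")
```

A clean result only means the name and the address agree with each other; it does not prove the message is legitimate.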

Now, let’s move on to the content. Without looking too closely, the content appears to be legitimate, since it indicates that there were some errors when receiving messages and that many others went into quarantine. It even includes a link that supposedly allows you to review those messages. However, does the content really make sense? If there are messages that I apparently couldn’t receive, I shouldn’t have an alternative way to view them, unless I have problems with the email client, like Outlook, and in that case I can receive all my messages from the web client. When faced with messages of this type, it is advisable to report them and/or contact your organization’s support team, if applicable.

As we discussed, the subject can also help us identify potentially malicious messages. The example we see above claims to be a response to a ticket number raised with the support team. But what if I never submitted a ticket? If you receive messages like these, you should also report them and contact support so they can take appropriate action.

In this article, we have touched on the subject of email encryption. The main objective of this protection alternative is to ensure that the content of the messages is not altered along the way. It also guarantees that the sender of the message really is who he claims to be. Methods like S/MIME and PGP are the most widely used when it comes to protecting each of the emails we send and receive.