Email spoofing is a type of cyber attack that involves sending an email message to the victim to trick them into believing that the sender is a specific person or company. Normally this technique is used by attackers or fake companies to extort sensitive data from users (in this specific case we speak of "phishing") or to carry out a scam. If you suspect that one of the emails you received is spoofed, check the message header to see if the sender's email address is legitimate. Alternatively, you can carefully examine the subject and body of the message for clues confirming that it is a spoofed email.
Steps
Method 1 of 2: Examine the Header of an Email
Step 1. Check the sender's email address and not just the name that appears
Spoofing scam emails are created using the name of a seemingly familiar sender to trick you into believing the message is genuine and taking action. When you receive an email, move your mouse pointer over the sender's name to see the real email address it came from. Often the addresses from which these e-mails come are very similar to the real ones.
- For example, assume you've received an email that appears to come from your bank. In this case the sender's name will be "Banca Intesa" or "UniCredit Banca". If the actual address the message came from is something like "customer [email protected]", it is most likely a spoof email.
- If the sender's name is that of a person or company you know, make sure the email address the message came from actually matches the real one.
Step 2. Check the email header
The full address from which an email comes is displayed at a specific point in the message header, which varies by email provider. Reviewing this information is very important, as the email address must match the real address of the person or company it is supposed to come from.
- For example, if you use Apple's Mail app, the information relating to the sender's e-mail address can be viewed by clicking on the message to be checked, accessing the "View" menu located at the top of the screen, selecting the "Message "and choosing the" All Headers "option. Alternatively, you can press the "Shift + Command + H" key combination.
- If you are using Outlook, select the "View" item and click on "Options".
- If you are using Outlook Express, select the "Properties" option and click on "Details".
- If you are using Hotmail, go to the "Options" menu, choose the "Display Settings" item, select the "Message Header" option and choose the "Complete" item.
- If you are using Yahoo! Mail, choose "View full header".
Step 3. Check the "Received" parameter
Each time a user sends or replies to an email, a new "Received" field is added to the message header. Within this parameter the real e-mail address of the sender is stored and is visible. In the case of a spoofed email, the address in the "Received" field will not match the real address of the sender.
For example, in the "Received" field of a legitimate email from a Gmail address, you will find information similar to "Received from 'google.com: domain of'", followed by the full, real address of the sender
Step 4. Check the "Return-Path" parameter
Within the header of any e-mail message there is a section called "Return-Path". This is the address that is used to send all reply messages. This e-mail address should be the same as the one associated with the sender of the original message.
For example, if the name of the sender from which the email under examination arrived was "UniCredit Banca", the address displayed in the "Return-Path" field of the message header should be similar to the following "[email protected]". If not, it is very likely that it is a spoofed email
Method 2 of 2: Check the Email Content
Step 1. Review the subject of the message
Most spoof emails adopt an alarming or aggressive subject line to try to grab the user's attention and intimidate them into following the directions contained in the message body without delay. If the subject of the email appears to have been created with the intent to scare or worry you, it could be spoofed.
- For example, a subject like "Your account has been suspended" or "Action needed: account suspended" indicates that the email is most likely a spoof message.
- If the offending email is from a known sender, the subject should be something more like "I need your help".
Step 2. Place the mouse pointer over the links
If there are links in the body of the email, do not use them for any reason. In this case simply move the mouse pointer over a link, a small pop-up window or a small box should appear showing the real URL that the link points to. If it looks like a suspicious address to you or is in no way directly related to the sender of the email, don't use it.
Step 3. Look for typos or grammar errors in the text
Legitimate emails from real senders are flawlessly written. If the email in question contains gross typos or grammar errors, it is certainly very suspicious.
Step 4. Always pay attention to the request to provide personal and sensitive information
Most legitimate companies, specifically banks, insurance companies, or any entity linked to a financial service, never require you to send personal and sensitive information via email, such as account username and password or access codes. For this reason, never give this information to anyone if requested by e-mail.
Step 5. Check if the email was written in extremely professional language and jargon
Just as with superficially written and ungrammatical emails, even those that seem overly professional can pose a threat. If the text of the email was written too professionally or rigorously, and therefore looks different than what the person usually uses that you assume should be the actual sender of the email, it could still be spoofing.
Step 6. Examine the tone of the email
If you've received an email from a company or client you usually work with, it should contain detailed information about your relationships. If the content seems vague compared to normal, it could be a suspicious email. If the message appears to be sent by a friend of yours, make sure it is written in their usual tone.
Step 7. Look for contact information if it is a professional email
The communications that legitimate companies send to their customers always include the contact information of the person to refer to. If there is no email address, phone number, or way to contact whoever wrote you in the message you received, it is most likely a spoof email.
Step 8. Contact the sender of the email directly
If you don't know what to do, contact the sender of the suspicious email directly. Refer to the website of the company in question to locate customer service contact information. The people who work in the customer service department will be able to help you determine if this is a legitimate communication or not. If the email came from a friend of yours, contact them via SMS or call them directly on the phone to check whether or not it is spoofed.
