First, what is email spoofing? Don’t confuse this with the foreign prince’s plea for money or basic phishing emails. Email spoofing is much more nuanced; it’s still a cyber-bad guy at work. They try to get you to download malware, enter personal credentials, or give money. Yet now they are mimicking a reputable company or source of an email. At a hurried glance, the email will appear to be legitimate, and that’s how it works. The spoofer takes advantage of our lack of attention to accomplish their aim.

The scammer tries to trick you into thinking they are a source you recognize with email spoofing. The source might be a friend, colleague, or other business you regularly work with. Their goal is to get you to take an action you would not otherwise do.

The email will usually look convincing. The would-be attacker will duplicate design elements and mimic the sender’s style. So, you need to be aware.

How to Identify Email Spoofing

There are several signs to look for to identify a spoof email. First, you’ll want to check the email header information. This is an excellent place to look for tracking information about the message.

To view headers:

• In Gmail, open the email you want to check. Next to Reply, click the three dots and choose “Show Original.”
• In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
• In Outlook, open the email you want to check, and then click File > Properties.

Check to see:

• if the “from” email address matches the name of the person displayed as the sender;
• that the “reply-to” address is the same as the sender or the site that the email purports to be from;
• that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response will go to “Scammy McScammer.”

The email header is a good starting point, but you’ll also want to ask yourself about the content of the message. If you weren’t expecting a message from that individual or organization, think twice. Also, look out for spelling or grammatical errors. A difficult-to-read message could indicate an unsolicited email from someone with a limited grasp of English.

Be wary if the email pressures you to act quickly or make an emotional plea for you to do something. Scammers often rely on urgency or our desire to help. That’s how they trick people into clicking on links or open attachments.

Better Safe Than Sorry

If you aren’t sure about an email’s legitimacy, slow down. Before you act, go to your contact list and send a direct message to that sender’s address to confirm the request. Or call the sender or company the sender represents to verify that the email is authentic.

A managed service provider (MSP) like Hopedale Technologies can help you better manage email safety. We can help set up email filtering and monitoring to avoid malware infection.