What Are Spoofing Emails and How Do You Spot Them?

Airplane. The Naked Gun. Blazing Saddles. We’re all familiar with the spoof movie, a humorous imitation of the real deal. Email spoofing, however, is no laughing matter, and spoofing attacks can impact your brand, lead to financial losses, and expose you to liability and regulatory penalties. Spoofing emails, basically forged emails, are designed to look like they originated from a legitimate or familiar person or place rather than their true source, a phisher. The goal of email spoofing is to get recipients to open, and respond to, a solicitation.

8 Common Spoofing Emails

Spoofing emails used to be easy to detect due to poor spelling, grammar, and other obvious factors. However phishing attacks have gotten more sophisticated and even the savviest internet users have been known to fall for phishing scams. Spoofing emails should not be confused with clone phishing, however. Clone phishing scams replicate a recent message you’ve received, swap out the link for malicious one, and claim the email is being resent because of an update to explain the duplicate nature of the email and persuade you into re-clicking and re-entering personal information.

Here are some of the most common spoofing email tactics.

1. Deactivation Scares

These phishing attacks rely on the element of surprise to get people to react without thinking. They look like they’re coming from an organization you may or may not belong to, such as a bank, and state that your account will be canceled if you don’t take immediate action. A link will typically be included, which takes you to a fraudulent website mimicking the real one, asking you to log in. Once you’ve done that, the phisher has access to you login information and credit card.

2. Account Notification

Similar to deactivation scare, these involve phony emails designed to look as if they came from a popular retailer like Walmart, or social network such as Facebook, complete with corporate logos to make it more convincing. The email states there is an issue with your account that needs to be taken care of immediately, and provides a link to fix the problem. Once you’ve plugged in your username and password, the cyber-criminal has your information and can use it to log in to your real account and make purchases.

3. Tech Support Scams

These convincing spoofing emails are designed to look like they’re coming from your internet provider, or from a company such as Microsoft. Often, the email will ask you to install troubleshooting software. This software will ‘“find” lots of malware and offer to clean up the problem—for a price. Once you’ve entered your credit card information, the phisher has your account information to use for fraudulent purposes.

4. Penalty Warnings

Many people are probably guilty of visiting an inappropriate site at some time or another, or possibly downloading a song or movie illegally. This scam banks on it, and the email is designed to look as if it is coming from the FBI warning that you need to pay up or face the consequences (often jail). While you may find it hard to believe anyone would fall for this, some people choose to err on the side of caution and will make the payment just to make the problem “go away.”

5. Charity Scams

These spoofing emails tend to rear their ugly heads in the aftermath of a disaster, such as a hurricane or a shooting. The emails are designed to look like they’re coming from a legitimate charity or fund, asking for donations. If you donate, they will likely ask again and again, until you stop or realize it’s a scam.

6. Package Delivery

These spoofing emails appear to come from a delivery service such as FedEx or UPS, stating that a package being delivered to you, or that you’ve missed a delivery. Of course it will include a link that will provide “more details.” Once you’ve logged in, the criminal has access to your information. This scam is especially popular during the holidays when people tend to send or receive many packages.

7. Wire Transfer Scams

If you think only the unsophisticated among us would fall for a wire transfer scam, don’t be fooled. Between 2013 and 2015, scammers stole over $120 million from Google and Facebook. in that phishing scam, a group of conspirators created convincing spoofing emails using fake email accounts, which looked like they were invoices sent by Quanta Computer in Taiwan (a company the two tech giants actually conduct business with). If tech-savvy employees at these companies can be duped by a wire-transfer spoofing email, it can happen to any of us.

8. Tax Fraud

Another popular spoofing email may mimic the header of the IRS, claiming you owe back taxes and must pay up now—or else. Because no one likes to cross the IRS, especially during tax season, phishers often receive their pay day. However, according to the IRS website, “the IRS doesn't initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information.”

How to Stop Email Spoofing

If you suspect that an email is spoofed, you can open and read the email’s source code. Here, you can find the originating IP address of the email and trace it back to the real sender. However, spoofing emails are designed to fool people, so a recipient often won’t find them suspicious. Plus, when people are receiving dozens or possibly hundreds of emails a day, it’s unreasonable to expect them to do this for every email. Because relying on a human firewall is a recipe for disaster, it’s important that the following practices are put into place:

  • Keep anti-malware software current.
  • Do not share private or financial information through email.
  • Put spam filters on the strongest settings.
  • Do not click on suspicious links or download suspicious attachments.
  • Never enter sensitive information into links that are not secure.
  • Navigate directly to a sender’s website rather than click on the links.

Of course, the best way to stop email spoofing is to install an active defense anti-phishing solution such as Clearedin. Clearedin works in the background and red-flags any suspicious emails with a phishing alert, disarming and locking the email so it cannot be replied to or forwarded until it’s marked as safe by the recipient. In the meantime, however, employees can open it to learn why it was flagged. There are a number of reasons why it may be flagged, such as:

  • Displayed text is different from the real URL
  • Email contains words that are frequently used in email phishing (e.g., password)
  • The sender belongs to an unsecure domain
  • The sender’s address is unusual or questionable

With Clearedin’s anti-phishing, anti-email spoofing software, you can engage your employees and make them an active participant in the war on phishing. Get your employees ready for combat with Clearedin and contact us today.

New call-to-action

How “Crowd Wisdom” Helps ...

Subscribe for updates

Get weekly updates on phishing and other web attacks