Email spoofing is a specific type of cyber-attack where hackers manipulate and send emails to accounts, making them appear to be from legitimate sources. It falls under the umbrella of phishing or spam because hackers know that people are more likely to open an email if it comes from a trusted source. Occasionally these spoofed emails will ask recipients to provide sensitive data, such as passwords or financial information. Alternatively, the email may contain links that install malware on the recipient’s computer if clicked.
Hackers use email spoofing because it is an effective way to get around spam filters and blocked sender lists. By assuming the identity of a trusted sender, they are more likely to be successful in collecting sensitive information.
Email spoofing is generally achieved using the Simple Mail Transfer Protocol (SMTP) on a generic email platform. The hacker composes an email in the usual way and then forges fields within the message header and address bars. When the recipient receives the email, it appears to come from the forged address. This works because SMTP has no built-in way of authenticating addresses, and attempts to add one have not been widely adopted.
Hackers generally use addresses that are widely trusted. Spoofed messages will usually encourage recipients to take some action, such as clicking a link to prevent account suspension or changing a compromised password. This allows hackers the chance to harvest sensitive information. Other more sophisticated email spoofing tactics include targeting staff at financial institutions. In many cases, email spoofers will even use branding elements from official websites to make the emails seem more legitimate.
It is estimated that more than 3 billion spoofing emails are sent daily, with nine out of ten cyber-attacks starting with an email. Email spoofing is thought to have cost businesses worldwide around $26 billion since 2016. Many spoofing attacks purport to be from senior staff within the organization, which should be of particular concern for businesses due to the high levels of potential risk involved.
Most legitimate organizations will not ask people to provide sensitive information via email. So, if an email arrives asking the recipient to change a password or confirm account information, exercising caution is always a good idea. Recipients can open the email's source code (the raw message with its full headers), which will contain the original IP address of the sender. It is also possible to use the Sender Policy Framework (SPF), which is included in many email providers’ security products. This authentication protocol may flag emails that have potentially been spoofed.
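The header checks described above can be done programmatically. The following is an added example, not part of the original article: it parses a constructed message source, pulls the earliest relay IP from the Received headers, reads the SPF verdict, and compares the visible From domain with the envelope sender. It assumes the receiving mail server records its SPF result in an Authentication-Results header; all domains and IP addresses are constructed documentation values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample source (documentation domains and IP ranges only).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: inbound.example.org; spf=fail smtp.mailfrom=mailer.example.net
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.example.org with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.example.org with SMTP; Mon, 01 Jan 2024 10:00:01 +0000
From: "Example Bank Support" <support@bank.example.com>
To: user@example.org
Subject: Your account will be suspended

Click the link to confirm your password.
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    # Each relay prepends its Received header, so the last one is the earliest
    # hop. Hops below your own mail servers can be forged by the sender.
    hops = msg.get_all("Received", [])
    ips = IP_RE.findall(hops[-1]) if hops else []
    # SPF validates the envelope sender, not the visible From header, so the
    # two domains are compared separately.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    if spf != "pass":
        findings.append(f"SPF result is {spf}")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "origin_ip": ips[-1] if ips else None, "spf": spf, "findings": findings}

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

A domain mismatch on its own is a signal rather than proof, since legitimate bulk-mail services also send with a different envelope domain.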
Businesses can prevent email spoofing in several ways, including:
These block emails containing suspicious elements or ones that do not meet security protocols put in place by users.
Businesses can set up encryption keys to ensure messages are only received from valid senders.
Some software programs can detect and block emails from suspicious senders or identify fraudulent attacks.
Effective security awareness training can help employees exercise caution and recognize suspicious elements. Training can use email spoofing examples and teach effective handling tactics – such as not clicking links or looking for the tell-tale signs of spoofing attacks. Training should ideally be held on a semi-regular basis to keep up to date with the latest spoofing methods and trends.