How to Spot a Spoofed Email

By:  |  Category: Blog, Security Friday, September 14th, 2018  |  No Comments

Question:  A friend contacted me and said he received a “this might be of interest” email from me and suggested I was hacked. I checked around but none of my other friends in my contacts got it. Is there a way to verify I have been hacked before I go through the pain of changing my primary email address?

Answer: If you can reasonably confirm that only one friend got this message and you can still log into your email account, it’s more likely a spammer is “spoofing” (forging) your address and has not fully hacked in to take control of your account.

Spoofing is the new con to bypass junk-mail filters and get victims to open the message — and possibly click on a fraudulent or malware-loaded link. The forged address also lets the criminal avoid bounce-back messages to a traceable account.

Sadly, there’s not a lot you can do about a remote spammer’s sticking your address in an email “From” field. Your information may have even been collected from the contact list of the person who reported the suspicious message, if that person’s computer is infected with malware. Spammers can also grab working email addresses from the dark web, public posts you’ve made online, as well as from mailing lists or web pages.

What to do?

Send out an email (or text) or quick to your friends warning them that someone is spoofing your address and ask them not to click on anything without verifying with you.

If you get a curious message from a friend yourself, you can check the email header information to see if the account was truly hacked. In your mail programs options, settings or view menu, look for a “show original” or “view message header” command to see the message’s path across the internet. If the Authenticated Sender line in the header information shows that it did come from the address in question, the mail account has been compromised because the message was sent with the user’s name and password as verification.

If you get a message you expecting or aren’t sure about from a friend, you can also call or text the sender to verify before clicking.

Leave a Comment
Read previous post:
The Reality of Identity Theft

It's a bad day as a business owner when your IT guy walks in and tells you your system has...