spoof email | spoofing Spoof Email: Be Careful With Email Links And Attachments


We have mentioned before that your business computer (see: Web Security A Business Must Manage) is by far the biggest area of vulnerability and where most hack attempts are focused. Due to a rash of ‘spoof email‘, we feel compelled to send a BIG heads-up blog post here on this subject.


What Is Spoof Email Or Spoofing?

It’s a malicious practice where email is sent from an unknown source DISGUISED as a source (i.e. email address) known to you. Spoofing is prevalent in email because email lacks a high level of security. Technically, SMTP (i.e. Internet standard for email transmission) fails to offer authentication, so it becomes a place readily available for hacks meant to forge and impersonate known email addresses.


Why Do Hacks Attempt To Spoof Email?

The attacker knows that if you receive a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. The email may request personal information, like an account number, or a click that can launch an attack. If reacted to as planned, it may allow the spoofer to A. gather then use an account for identity theft purposes OR B. to download malware to your device.

A. Account Nos. > access to bank accounts or other login accounts where contact details may be changed to then steal or gain control

B. Malware > programs that when downloaded can cause significant computer damage, the triggering of unexpected activities, remote access to the device, the deletion of files, and much more.


How To Deal With / What To Do With Email We Are Unsure Of 

We all need email: text will never replace email communication for the depth of information it can offer as well as its ease for organization. However, we can get smarter about how we react to links or attachments in our email.

  1. First question all links & attachments in an email!
  2. Then search all links sent and prior to clicking them in Google. Do it by copying them to another browser with Google opened. If the link is a problem Google will likely know.
  3. Finally and so far as attachments go, email the known source direct AND NOT in direct response to the suspected email. Ask, “did you send an email with an attachment?” If not, you know it was not them and the problem is avoided. If so and you wish to remain super careful, ask maybe if they can drop the attachment in a secure environment rather then sending it via email. Dropbox, for instance, will automatically scan all dropped files for malware before it can cause harm to your device.