You’ve just got an email from your best friend, and there’s a link in it. The sender address looked legitimate, so you clicked, expecting a funny meme or the kitten videos you two used to share. Instead, your system suddenly starts acting strangely, and people are complaining that you are sending them odd emails. You fell victim to email spoofing.
What is email spoofing?
Email spoofing is a cyber attack in which a hacker sends you an email with a forged sender address so that the message appears to come from a trusted source. That source could be a bank, a government organization, your colleague, a friend, etc. Cybercriminals use this social engineering technique to:
- Extract victims’ personal information;
- Distribute malware;
- Persuade victims to transfer money;
- Disguise their identities;
- Damage someone’s reputation.
While users can sometimes identify a spoofed email as spam, spoofing still causes a great deal of trouble. For example, in 2013 a news agency received an email that appeared to come from a legitimate Swedish company and claimed that Samsung had purchased it. By spreading this false information, the cybercriminals affected the named company’s stock price, which plummeted drastically.
How email spoofing works
First, hackers need to get hold of your email address, and many addresses are publicly available. People tend to publish them on social media, share them with others, leave them in contact forms, etc. Newsletters and online registration forms that collect data on purpose can leak them too.
After finding out your email, hackers can exploit your address in the following ways:
- They can log in to your inbox using credentials leaked elsewhere;
- They might brute-force your password;
- They can send mail with a forged or lookalike sender address from their own domains and mail servers;
- They can infect your computer with malware and use your contact list to spam others.
Not all email providers enforce strong email authentication protocols that filter out messages from suspicious or poorly configured domains. Hackers exploit these gaps to get their spoofed emails through.
How to stop email spoofing
To prevent email spoofing, consider the following:
- Regularly update your antivirus to avoid malware. Also, make sure your email app is up-to-date;
- Use complex passwords to protect your accounts. The stronger the password, the less vulnerable your account will be to brute force attacks. Also, change them regularly. Check NordPass for a safe and comfortable experience;
- Do not subscribe to suspicious newsletters, and don’t fill in online registration forms you don’t trust;
- Avoid using your personal and work emails to register for various online services and social media accounts. You can create a separate email for these purposes. Also, keep your primary emails as private as possible. If you still have to publish one, write it as email(at)domain(dot)com;
- Do not give your email to people you don’t trust;
- Use email service providers that support strong email authentication and cryptographic protocols. Do proper research to find out whether the provider you use is secure. You can also check our recommended privacy-oriented email providers, which take better care of your emails;
- Carefully check the sender’s email address. Does it look odd or contain spelling mistakes?;
- Contact the sender directly by using other means of communication;
- Perform an immediate antivirus scan if you suspect you’ve just downloaded malware;
- Do not click on links from sources you don’t trust. Learn to recognize a spoofed link.
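The checks described above (a provider’s email authentication verdicts, a sender address that looks odd, and a link that only pretends to belong to the sender) can be made mechanical. The following Python script is an added example, not code from the original post; it assumes that the “strong email authentication protocols” mentioned earlier are SPF, DKIM and DMARC, and that the receiving mail server records their verdicts in an Authentication-Results header. The trusted-domain list, the homoglyph table and both sample messages are constructed for this example.

```python
"""Header and link checks for a suspected spoofed email (added example)."""
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

# Domains the reader actually trusts (constructed for this example).
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}

# Digit-for-letter swaps commonly seen in lookalike domains (small, constructed table).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# Constructed sample: the visible From claims a bank, but the envelope sender,
# the receiving server's authentication verdicts and the link all disagree.
SPOOFED_RAW = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=examp1e-bank.com
From: "Example Bank Support" <support@examp1e-bank.com>
To: victim@example.org
Subject: Urgent: verify your account

Click here to verify: http://examp1e-bank.com.login-verify.example.net/
"""

# Constructed sample of a message that passes every check.
LEGIT_RAW = """\
Return-Path: <support@example-bank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass header.d=example-bank.com; dmarc=pass header.from=example-bank.com
From: "Example Bank Support" <support@example-bank.com>
To: customer@example.org
Subject: Your statement is ready

View it at https://secure.example-bank.com/statements
"""

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address header value ('' if absent)."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()

def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts recorded by the receiving server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header), re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Trusted domain that `domain` imitates, or None if it is exact or unrelated."""
    if domain in trusted:
        return None
    normalized = domain.translate(HOMOGLYPHS)
    for candidate in trusted:
        if normalized == candidate or SequenceMatcher(None, normalized, candidate).ratio() >= threshold:
            return candidate
    return None

def suspicious_links(body: str, trusted=TRUSTED_DOMAINS) -> list:
    """URLs whose host merely displays a trusted name without being under it."""
    flagged = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()
        if any(host == t or host.endswith("." + t) for t in trusted):
            continue  # really hosted under a trusted domain
        if any(t in host.translate(HOMOGLYPHS) for t in trusted):
            flagged.append(url)  # trusted name used as a decoy label or with swapped characters
    return flagged

def analyze(raw: str) -> list:
    """Human-readable findings for one raw message; an empty list means nothing odd."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"From domain {from_domain!r} differs from envelope sender {envelope_domain!r}")
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method.upper()} did not pass ({verdicts.get(method, 'missing')})")
    target = lookalike_of(from_domain)
    if target:
        findings.append(f"From domain {from_domain!r} imitates trusted {target!r}")
    body = msg.get_body(preferencelist=("plain",))
    for url in suspicious_links(body.get_content() if body else ""):
        findings.append(f"Link host does not belong to the name it displays: {url}")
    return findings

if __name__ == "__main__":
    for finding in analyze(SPOOFED_RAW):
        print("-", finding)
```

Two caveats apply when using checks like these. An Authentication-Results header is only meaningful when your own receiving server added it; anyone can type such a header into a message, so mail servers strip or rename incoming copies before stamping their own. A From domain that differs from the envelope sender is also common for legitimate newsletters sent through bulk-mail services, so treat that finding as a signal to look closer, not as proof of spoofing on its own.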
To learn more about cybersecurity, subscribe to our monthly blog newsletter below!