Do you ever wonder how spammers can send you emails that look like they are coming from your own account or someone you know? You might think that your email is hacked or that your friend’s account is compromised.
The truth is, these types of deceptive emails aren’t really coming from those addresses. They’re just pretending to be them. This is called spoofing, and it is an effective phishing technique used by scammers to trick you into opening their messages, clicking on harmful links, and giving away your personal information.
Take these two instances from Linda and James, who both experienced this spoofing scam firsthand and are sharing how the attempted attacks unfold.
“I have been receiving spam, like everyone else, but what I’ve noticed is the spam is coming from and to my email address. I suspected it was coming from my server, but there’s no trace of the emails in the sent logs. How is this possible?” – Linda, Barnegat, NJ
“I have been receiving spam emails from a friend of mine. It has their email address in the from field. My friend told me they never sent this. How are spammers able to send emails from other accounts?” – James, Tampa, FL
Great questions. It starts with a scammer faking an email address to make it look like it’s coming from someone else. It is a simple and dangerous way for scammers to deceive you.
They can get your email address or your friend’s email addresses from data breaches, websites, social media, or public directories. Then they can use them to send you phishing emails that seem legit.
Why do scammers spoof your email?
To avoid being labeled as spam
When an email comes from your own address, it is likely to avoid being labeled as spam. Instead, the message will typically go straight to the priority inbox since your account thinks it’s from you. This makes you much more likely to view the email.
To convince you that they have access to your accounts
The scammer also will use your own address to convince you that they have access to your accounts. Many times, the goal of these emails is to attempt to steal your sensitive information or take your money. The reasoning is similar for why they may use a friend’s email. You are more likely to click on a link from a friend rather than from a stranger.
To expose your personal information
The scammer may threaten you, claiming to expose your personal information. And, when you see they sent the message from your own email address, you may believe that they do have access to your email account.
To scare you by showing a phone number or password
Sometimes, the scammer may also show a phone number or password of yours to scare you further. In reality, they do not have access but have purchased this information from a data leak or dug your private info from nefarious crevices on the dark web. It is an attempt to trick you into paying ransom for information the scammer does not actually have.
How to spot a spoofed email
If an email looks a bit off, you should always play it safe and not click on it. You can also check the sender’s address, the subject line, the spelling and grammar, the attachments, and the links for anything suspicious.
Ask the friend who supposedly sent the message about it. If they don’t remember sending it, then it is likely their account was spoofed or possibly hacked.
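The sender check described above can be done on the raw message source, which most mail programs can display. The following Python sketch is an added example, not part of the original article: it compares the visible From address with the envelope sender and reads the SPF, DKIM and DMARC verdicts recorded by the receiving server. The sample message and every address in it are constructed, and the script assumes the Authentication-Results header was written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims the recipient's own address,
# but the envelope sender and the receiving server's checks say otherwise.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Linda" <linda@example.com>
To: linda@example.com
Subject: Your account

Constructed body text.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """List reasons the From address of a raw message should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Return-Path is the envelope sender; Reply-To is where answers would go.
    # A mismatch is only a hint: legitimate bulk mailers also differ here.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Only trust an Authentication-Results header written by your own provider.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if not results:
        findings.append("no Authentication-Results header recorded")
    for check in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{check}=(\w+)", results)
        if verdict and verdict.group(1) in ("fail", "softfail"):
            findings.append(f"{check}={verdict.group(1)} reported by the receiving server")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("-", finding)
```

A DMARC failure is the strongest of these signals; a Return-Path mismatch on its own is common in legitimate newsletters and should be read together with the other results.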
What to do if you think you’ve received a spoofing email
Check your “sent” folder
If you find signs of spoofing on your account, you should first check your “sent” folder. If you see suspicious emails in the folder that you know you haven’t sent, it most likely means your account was hacked. You should change your password immediately and report the incident to your email service provider.
Check account settings for any unauthorized changes
You should also check your account settings for any unauthorized changes. If you see nothing, it is most likely just spoofing. Even though it may feel like your account is exposed, in reality, it is not. Remember to stay vigilant, though, and never to click on suspicious links.
Don’t click any suspicious links, attachments, or images
If you receive a spoofing email, do not click on any of the links, attachments, or images within the message, as it could expose you to a phishing scam. These links, attachments, or images may contain malware that can infect your device or direct you to a phony website that looks exactly like the real one but is designed to steal your personal information.
Have good antivirus software on all your devices
Hackers can often be kept out of your devices when you have good antivirus protection installed on all of them. Antivirus software helps stop you from clicking on known malicious links, attachments, or images that could install malware on your devices and allow hackers to gain access to your personal information.
How to further prevent spoofing
Always make sure your passwords are strong and complex. You should also change them regularly to be even safer. Consider using a password manager to generate and store complex passwords.
Create alias email addresses
Creating alias email addresses can help prevent spoofing by making it harder for spammers to guess your real email address and impersonate you. With several aliases in use, you do not have to worry about all your information being taken in a single data breach. An alias is also a great way to stop receiving constant spam: simply delete the alias that is attracting it.
Check if your personal information was sold on the dark web
One way to try and proactively stop scammers is to check if your information was sold on the dark web. If you get spoofed, it is likely one of your addresses and maybe other information was part of a data breach and purchased by a scammer.
To check if your personal information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website searches to see what data of yours is out there and displays if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen, and you should look into this immediately if that is the case.
Invest in removal services
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
Kurt’s key takeaways
Email spoofing is just one wave of phishing scams meant to trick you into giving scammers your personal information so they can steal your data and your money. These scammers are masters of disguise, yet you can outsmart them by carefully examining suspicious emails, verifying with your friends any emails you receive from them, and taking steps to protect your online presence. By being proactive, you can keep your inbox safe from the clutches of these deceptive crooks.