Do you ever wonder how spammers can send you emails that look like they are coming from your own account or someone you know? You might think that your email is hacked or that your friend’s account is compromised.
The truth is, these types of deceptive emails aren’t really coming from those addresses. They’re just pretending to be them. This is called spoofing, and it is an effective phishing technique used by scammers to trick you into opening their messages, clicking on harmful links, and giving away your personal information.
Take these two instances from Linda and James, who both experienced this spoofing scam firsthand and are sharing how the attempted attacks unfold.
I have been receiving spam, like everyone else, but what I’ve noticed is the spam is coming from and to my email address. I suspected it was coming from my server, but there’s no trace of the emails in the sent logs. How is this possible?” – Linda, Barnegat, NJ
I have been receiving spam emails from a friend of mine. It has their email address in the from field. My friend told me they never sent this. How are spammers able to send emails from other accounts?” – James, Tampa, FL
Great questions. It starts with a scammer faking an email address to make it look like it’s coming from someone else. It is a simple and dangerous way for scammers to deceive you.
They can get your email address or your friend’s email addresses from data breaches, websites, social media, or public directories. Then they can use them to send you phishing emails that seem legit.
MORE: DON’T FALL FOR THAT DECEPTIVE EMAIL ASKING FOR YOUR HELP
Why do scammers spoof your email?
To avoid being labeled as spam
When an email comes from your own address, it is likely to avoid being labeled as spam. Instead, the message will typically go straight to the priority inbox since your account thinks it’s from you. This makes you much more likely to view the email.
To convince you that they have access to your accounts
The scammer also will use your own address to convince you that they have access to your accounts. Many times, the goal of these emails is to attempt to steal your sensitive information or take your money. The reasoning is similar for why they may use a friend’s email. You are more likely to click on a link from a friend rather than from a stranger.
To expose your personal information
The scammer may threaten you, claiming to expose your personal information. And, when you see they sent the message from your own email address, you may believe that they do have access to your email account.
To scare you by showing a phone number or password
Sometimes, the scammer may also show a phone number or password of yours to scare you further. In reality, they do not have access but have purchased this information from a data leak or dug your private info from nefarious crevices on the dark web. It is an attempt to trick you into paying ransom for information the scammer does not actually have.
MORE: HOW TO TELL IF YOUR PHONE HAS BEEN HACKED
MORE: DON’T FALL FOR THIS LATEST ANTIVIRUS PROTECTION SCAM
How to spot a spoofed email
If an email looks a bit off, you should always play it safe and not click on it. You can also check the sender’s address, the subject line, the spelling and grammar, the attachments, and the links for anything suspicious.
Ask the friend who supposedly sent the message about it. If they don’t remember sending it, then it is likely their account was spoofed or possibly hacked.
What to do if your email was spoofed?
It’s important to let your contacts know about the situation as soon as possible. Here’s a step-by-step guide on how you can notify your contacts:
Log in to your email account: If you haven’t already, make sure to regain control of your email account. You might need to reset your password or contact your email service provider for assistance.
Compose a new email: Create a new email to send to your contacts. You might want to use a subject line that clearly indicates the purpose of the email, such as “Important: My Email Account Was Hacked”.
Write a clear message: In the body of the email, explain the situation. Let your contacts know that your account was hacked and that they should ignore any suspicious emails they received from your account.
Send the email to all your contacts: You can manually select all your contacts to send the email, or create a group to send emails to multiple recipients.
Remember, it’s also important to take steps to secure your email account to prevent future attacks. This includes changing your password, setting up two-factor authentication, and checking your account settings for any changes made by the hacker.
What to do if you think you’ve received a spoofing email
Check your “sent” folder
If you find signs of spoofing on your account, you should first check your “sent” folder. If you see suspicious emails in the folder that you know you haven’t sent, it most likely means your account was hacked. You should change your password immediately and report the incident to your email service provider.
Check account settings for any unauthorized changes
You should also check your account settings for any unauthorized changes. If you see nothing, it is most likely just spoofing. Even though it may feel like your account is exposed, in reality, it is not. Remember to stay vigilant, though, and never to click on suspicious links.
Don’t click any suspicious links, attachments, or images
If you receive a spoofing email, do not click on any of the links, attachments, or images within the message, as it could expose you to a phishing scam. These links, attachments, or images may contain malware that can infect your device or direct you to a phony website that looks exactly like the real one but is designed to steal your personal information.
Have good antivirus software on all your devices
Keeping hackers out of your devices can often be prevented when you have good antivirus protection installed on all your devices. Having antivirus software on your devices will help make sure you are stopped from clicking on any known malicious links, attachments, or images that may install malware on your devices, allowing hackers to gain access to your personal information.
ARE YOU PROTECTED? SEE THE 2023 BEST ANTIVIRUS PROTECTION WINNERS
MORE: MASSIVE CYBERATTACK STRIKES MILLIONS: ARE YOU AT RISK?
How to further prevent spoofing
Change passwords
Always make sure your passwords are strong and complex. You should also change them regularly to be even safer. Consider using a password manager to generate and store complex passwords.
Create alias email addresses
Creating alias email addresses can help prevent spoofing by making it harder for spammers to guess your real email address and impersonate you. Creating various email aliases allows you not to worry about all your info getting taken in a data breach. An email alias address is also a great way for you to stop receiving constant spam mail by simply deleting the email alias address.
To find out more about upgrading the security of your email, click here.
Check if your personal information was sold on the dark web
One way to try and proactively stop scammers is to check if your information was sold on the dark web. If you get spoofed, it is likely one of your addresses and maybe other information was part of a data breach and purchased by a scammer.
To check if your personal information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website searches to see what data of yours is out there and displays if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen, and you should look into this immediately if that is the case.
Invest in removal services
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
See my tips and best picks for removing yourself from the internet here
Kurt’s key takeaways
Email spoofing is just the wave of phishing scams meant to trick you into giving scammers your personal information so they can steal your data and your money. These scammers are masters of disguise, yet you can outsmart them by carefully examining suspicious emails, verifying with your friends any emails you receive from them, and taking steps to protect your online presence. By being proactive, you can keep your inbox safe from the clutches of these deceptive crooks.
Have you ever encountered a situation where your email address was spoofed? What did you do? What was the outcome? Let us know by commenting below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE: