What is email spoofing and how to stop it?

Email spoofing is a synonym for a phishing attack. It has been an issue since the ‘70s, and it started with spammers using it to bypass email spam filters. Over 3 billion spoofing emails are sent per day, which makes this a major cyber security threat. In this article, we cover the definition of email spoofing, how it works, the reasons behind it, and how to prevent it.

Email spoofing is the forgery of an email’s sender address as a form of cyber attack. The goal is to trick the recipient into opening and responding to scam email messages. A spoofed email has a falsified header with a seemingly legitimate “From” address. When the email appears to come from a trusted entity or a known person, the recipient is more likely to provide sensitive information.

How does email spoofing work?

Email spoofing is achievable because the Simple Mail Transfer Protocol (SMTP) does not provide address authentication. This way, spoofing can be executed simply with a working SMTP server and an email client (like Outlook or MacMail). Once the spoofed email message is composed, the attacker can alter the email header’s fields like From, Reply-To, and Return-Path.

When the recipient gets the message, it appears as if it was sent by someone they know or can trust – usually a colleague, vendor, or a popular brand. Counting on this trust, the spoofer may ask the recipient to provide credit card details, click on malicious links, or wire funds.

As an example, an attacker may generate a message that looks like it was sent from “Bank of America”. The message would imply urgency and ask the recipient to change their password or authenticate through a provided link. If you are deceived successfully and comply with the message’s demands, the attacker gains access to your bank account.

More intricate scams, known as business email compromise (BEC) attacks, target businesses, organizations, and individuals who perform transfers of funds. According to the FBI’s International Crime Report for 2020, over $1.8 billion in losses were reported due to BEC attacks of various and evolving sophistication. These include the compromise of personal and vendor emails, CEO fraud, spoofed lawyer email accounts, identity theft, and conversion of funds into cryptocurrency.

Email service providers implement security measures by default. However, spoofing does not need to bypass them, as SMTP does not require authentication. This technique exploits the human factor rather than security implementations, which makes it far more dangerous. The majority of users do not tend to check the email header of the messages they receive. Also, spoofing an email message is relatively easy for hackers, since no in-depth technical know-how is needed and a forged sender address is easy to make.

What are the different email spoofing techniques and spoofing attacks?

There are various methods to spoof an email by forging its syntax. They target different parts of the message. Below, we will explain each of these techniques to help you understand them better.

Display name spoofed email

A common type of email spoofing is display name spoofing, in which the sender’s display name is forged. Basically, this is done by creating a new Gmail account with the name of the contact being impersonated.

Although the mailto: section shows the actual email address, at first glance the message may seem legitimate to the user. Such messages do not get filtered as spam, since they come from an actual email address. This exploits user interfaces that strive to be intuitive and thus show less information.

The majority of email client applications do not show the metadata of a message. Mobile email apps usually show just the display name, which facilitates display name spoofing even further.

Spoofing attacks with legitimate domains

Another form of spoofing is domain spoofing, where the attacker’s goal is to achieve higher credibility. The attacker would use a trusted email address on a compromised SMTP server that does not require authentication to change the From and To addresses in the message. This way, both the display name and the email address could mislead you.

Email spoofing with lookalike domains

Imagine a domain is protected and cannot be spoofed. Under these circumstances, the scammer may register a domain similar to the impersonated domain name, e.g. @paypal1.com instead of @paypal.com. To the inattentive reader, this change may be too small to notice. The attacker thus instills a sense of authority and may lure the target into providing private data, wiring funds, or sharing malicious links.

As most users tend not to read the email headers of each message they receive, this type of spoofing proves highly effective. Spam software would also not filter these messages, as they come from an existing mailbox. Investigating email messages’ metadata is the proven method to confirm their authenticity.
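A filter can catch both display name spoofing and lookalike domains by inspecting the From header. The following is an added example, not SiteGround code; the trusted domains, the known contact, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed, constructed inputs: domains you trust and contacts you know.
TRUSTED_DOMAINS = {"paypal.com", "example-bank.com"}
KNOWN_CONTACTS = {"jane doe": "jane.doe@example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]


def check_from_header(from_header: str) -> list[str]:
    """Return spoofing indicators found in one From header value."""
    findings = []
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]

    # Display name spoofing: a known contact's name on an unexpected address.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and expected != address:
        findings.append(f"display name '{display}' normally uses {expected}")
    # Display name that shows an address other than the real one.
    if "@" in display and address not in display.lower():
        findings.append("display name contains a different email address")

    # Lookalike domain: close to a trusted domain, but not identical to it.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                findings.append(f"domain {domain} resembles trusted domain {trusted}")
    return findings


if __name__ == "__main__":
    for header in ("PayPal Support <service@paypal1.com>",
                   "Jane Doe <jane.doe1987@gmail.com>",
                   "Jane Doe <jane.doe@example-bank.com>"):
        print(header, "->", check_from_header(header) or "no findings")
```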

Reasons for email spoofing attacks

Most commonly, hackers use spoofing to send phishing emails. Still, the reasoning behind it can include:

  • Hiding the sender’s true identity – Attackers generally use this tactic as a part of another cyber attack. This can also be accomplished by registering an anonymous email address.
  • Avoiding spam filters and blacklists – Spam messages are likely to be caught by spam protection software. For example, at SiteGround we have integrated our own Spam protection. This service allows you to block messages per domain or email address. Since spammers are trying to bypass such filters, they may resort to switching between email accounts.
  • Pretending to be a trusted person you know – You are more likely to divulge sensitive information to someone you know – like a colleague or a friend. This way the attacker may gain access to your financial assets.
  • Pretending to be a reliable business organization – For example, the hacker poses as a financial institution to get your bank account credentials.
  • To tarnish the reputation of the supposed sender – Attackers may use email spoofing to stain the character of a business entity or person.
  • Identity theft – impersonating a targeted victim and requesting personally identifiable information.
  • To spread malware – Hackers insert infected attachments into spoofed emails to launch and spread malware.

How do I protect myself from email spoofing attacks?

You may be affected by email spoofing as the person receiving the spoofed email or the one whose email was spoofed. Since authentication is absent in the Simple Mail Transfer Protocol, several frameworks have been developed to stop email spoofing.

How to stop spoofing emails from my email address?

If someone is spoofing your email address, you should consider implementing the following solutions to prevent it.

  • Sender Policy Framework (SPF record) – It validates the email sender of a message by checking whether the source IP address is authorized to send from the given domain name. With SPF, only permitted IP addresses can send emails. This DNS record is enabled by default for your domain name on our DNS zone. You can manage it from Site Tools > Email > Authentication > SPF.
  • DomainKeys Identified Mail (DKIM) – This mechanism uses a pair of cryptographic keys to sign outgoing messages and validate incoming messages. DKIM is enabled by default in our DNS zone.
  • Domain-Based Message Authentication, Reporting, and Conformance (DMARC) – This allows the sender to let the receiver know whether its email is protected by SPF or DKIM. It also tells the recipient what actions to take when dealing with mail that fails authentication. This record is not yet very commonly used. Create it from Site Tools > Domain > DNS Zone Editor > Select the desired domain > add TXT record.

How to prevent becoming a victim of email spoofing?

To prevent becoming a victim of email spoofing, you should make sure to take note of the following:

  • Ensure your anti-virus software is always up to date and be aware of the tactics used in social engineering.
  • If unsure about a message’s validity, investigate its email header and search for a PASS or FAIL response in the Received-SPF section. Each email client requires different steps to view the email headers, so learn how to view the headers in the email application you are using.
  • Be suspicious of messages sent from supposedly respected organizations, which contain poor grammar and spelling.
  • Use expendable email accounts when registering on websites to avoid being added to dubious listings and bulk mailing.
  • Do not reveal personal information in spoofed emails. This practice can significantly limit the effects of email spoofing.
  • Use the SiteGround Spam Protection solution which will protect your e-mail accounts against Spam.
  • Protect your domain from being spoofed by spammers using SPF, DKIM, and DMARC records.
  • Use secure email protocols to configure your local email clients.
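The header check recommended in the list above can be automated. This added example (not SiteGround code) reads the Received-SPF result from a raw message and compares the From domain with the Return-Path and Reply-To domains; the sample message is constructed and uses placeholder domains and IP addresses.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not real mail.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: fail (mx.example.org: 203.0.113.5 is not permitted) client-ip=203.0.113.5;
From: "Example Bank" <alerts@example-bank.com>
Reply-To: recovery@mailbox.example.net
To: user@example.org
Subject: Urgent: confirm your password

Please confirm your password.
"""


def domain_of(header_value) -> str:
    """Extract the lower-cased domain from an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def inspect_headers(raw: str) -> dict:
    """Summarize the SPF result and sender-domain mismatches of one message."""
    msg = message_from_string(raw)
    # The first word of Received-SPF is the result (pass, fail, softfail, ...).
    spf_header = msg.get("Received-SPF", "")
    spf = spf_header.split()[0].lower() if spf_header.strip() else "missing"
    from_domain = domain_of(msg.get("From"))
    warnings = []
    if spf != "pass":
        warnings.append(f"Received-SPF result is {spf}")
    # SPF validates the envelope sender (Return-Path), not the visible From,
    # so a mismatch here deserves a closer look even when SPF passes.
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        if other and other != from_domain:
            warnings.append(f"{name} domain {other} differs from From domain {from_domain}")
    return {"spf": spf, "from_domain": from_domain, "warnings": warnings}


if __name__ == "__main__":
    report = inspect_headers(RAW)
    print("SPF:", report["spf"])
    for warning in report["warnings"]:
        print("warning:", warning)
```

A Return-Path mismatch alone is common in legitimate bulk mail sent through third-party services, so treat it as a signal to weigh together with the SPF result rather than as proof of spoofing.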

To sum up, there is not much we can do to fix email spoofing, as it constantly evolves with technical progress. We can, however, be aware of it and instill good practices to secure our communication channels. We strive to keep the versions of all the software that is providing email services (SMTP, IMAP/POP3) up to date with the latest security patches.
