Email Spoofing 101

Wait? Is that genuine?

Have you ever received a call from somebody telling you that your email has been hacked, because they received an email claiming to be from you that really wasn’t? Working in our industry, the chances are that you have had this call, and your email wasn’t really hacked. Instead, your email was spoofed.

Today, I’m writing about spoofing. “Hacking” and “spoofing” are not words we normally drop into polite conversation, and many people confuse the two terms. When your email account is spoofed, this means that somebody has received a message that looks like it’s from you, but it’s not really. When your email is hacked, this means that your account has been compromised and the bad guy has control.

One of the easy ways to spoof an email address is to change the FROM, REPLY-TO, and RETURN name and address. The best way to check is to look at the address the email was sent from and the address your reply would go to.
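The header check described above can be automated. The following is an added example, not part of the original post: it uses Python's standard `email` module, and the function names, the trusted domain `example.com` and the sample messages are constructed for illustration. It assumes the "RETURN" address corresponds to the `Return-Path` header.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message, trusted_domain):
    """List the ways the sender headers fail to line up with trusted_domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    # A familiar display name means nothing; only the address domain counts.
    if from_dom != trusted_domain.lower():
        findings.append(f"From domain {from_dom or '(none)'} is not {trusted_domain}")
    # Replies and bounces going somewhere other than the From domain are an
    # indicator, not proof: legitimate bulk mailers often differ on Return-Path.
    for header in ("Reply-To", "Return-Path"):
        value = msg.get(header)
        if value is None:
            continue
        dom = domain_of(value)
        if dom != from_dom:
            findings.append(
                f"{header} domain {dom or '(none)'} differs from From domain "
                f"{from_dom or '(none)'}")
    return findings

# Constructed sample messages (not real mail).
GENUINE = """\
From: "Britt Martin" <britt.martin@example.com>
Reply-To: britt.martin@example.com
Return-Path: <britt.martin@example.com>
Subject: Quarterly review

See you Thursday.
"""
SPOOFED = """\
From: "Britt Martin" <britt.martin@example.net>
Reply-To: ceo.office@example.org
Return-Path: <bounce@example.net>
Subject: Quick favour

Are you at your desk?
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, spoof_indicators(raw, "example.com"))
```
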

Back in April I received an email from Britt Martin, Co-CEO and Company Founder. This is what I see:

Seems legit, right? No. Look again at the very top line. The email name and address shows “Britt Martin <>” and not Britt’s BIS email address. This is also a suspicious email; Britt will absolutely find ways to surprise the team here, but this isn’t something he would email me about.

In this case, I checked in with the real Britt Martin – this is the golden rule: communicate using other means. Usually, this means calling.

If the fake Britt had sent me an attachment, I shouldn’t click on it. Imagine if Britt had sent me what looked like an Excel spreadsheet and asked me to check what gift cards I could buy from the list. It is difficult not to click on email attachments – many of us open email attachments several times a day. Unfortunately, email attachments can contain malware or a virus. If you do click on something you shouldn’t, call the BIS Consulting IT team at 800 247 9045 or email us and we can help.