Spoofed Emails: What They Are and How to Detect Them

(Photo: Marvid)

William Rantis

Scamming through email has been done since email became popular in the 1980s when the service began to be adapted for public use. But while most people tend to think that they would know to disregard an email from the Prince of Nigeria, this scam still costs people 700,000 dollars a year. That such a transparent ploy to get people’s money still works speaks to the fact that there is still a significant portion of the public that do not know what scams look like. While the “foreign money exchange” scheme, as CNBC calls it, nets a relatively small amount of people, a harder to detect scheme, called email spoofing, costs Americans much more.

Email spoofing is a type of scam that makes it look like an email came from a source that it did not originate from. The purpose is usually to get the receiver to take some action, such as downloading attached malware or revealing information, by pretending to be an important person or relative of the victim. In 2018, such scams came at the cost of 70 million dollars. Email scams like these are less well known, but need to be looked out for. There are three primary ways that these scams are conducted.

The first is to create a new email account and have the displayed name be the same as the person they want to impersonate. This is the easiest way to conduct a scam; it is impossible for an algorithm to detect for certain as a scam, and requires no specialized equipment. However, it is the easiest for a human to detect. Simply reading which address the email was sent from will let the recipient know what account actually sent it.

The second method is similar to the first. The display name is changed, but in addition the email address created for this purpose is very similar to the account of the person they are impersonating, usually differing by only one character. This is harder for humans to detect, but sufficiently competent algorithms can warn the user that this is potentially faked by comparing the email of their contact and this email. The way for people to detect this is the same as the previous method: read slowly and make sure each character is the same.

The last method is very difficult for humans to detect, as both the display name and the email address look like the person that is being impersonated. This is done by sending an email by a SMTP – Simple Mail Transfer Protocol – server that the impersonator has set up. This attempt can be found more simply by algorithms, which can check if the email includes any form of validation, which these emails will not have. If an email system does not use verification, or if someone wants to verify emails for themselves, check your settings to request a MIME verification for any email you receive.

In addition to these methods, two additional things to look out for are the language that the sender uses and whether they request quick responses. If they aren’t speaking how they usually do, this may indicate spoofing. Additionally, requesting a quick response may indicate that they don’t want to give you time to realize that the email is faked. Don’t respond immediately, and if the email requests confidential information or has an attached download, check to make sure it isn’t a spoofed email. Taking these steps will help prevent you from becoming a victim of a cyber-crime.