An email message is one of the most widely used modes of communication, irrespective of whether the message is formal or informal. An email message usually has the following format:
Email spoofing is a method of changing the ‘from’ address of an email message so that it appears to have originated from a legitimate source. It is one of the major forms of cyber-attack, and it can lead to financial loss and to the loss, theft or misuse of your private data such as passwords, account numbers and other personal and sensitive information.
What is the purpose of email spoofing?
Cyber criminals use email spoofing to:
- Cheat you by unfairly promoting online services
- Sell you a fake product
- Acquire your sensitive information
- Launch a virus or Trojan cyber-attack
- Obtain your credit card or online banking information
- Convince you to send money in return for a lucrative job offer or an investment scheme
- Cause nuisance
Email spoofing is a malicious and very common cyber-attack, so you should stay vigilant whenever you check your mail.
How can you identify a spoofed message?
You can identify a spoofed message by checking a few properties of the mail that you receive.
- Open and check the email header of a message that you believe may have been spoofed.
- Check the ‘from’, ‘reply-to’, ‘return-path’ and ‘source IP’ fields of the email header. If any of them is different from the sender’s address, the email you received is most likely spoofed.
- Read the subject line carefully. The following are some examples of subject lines of a spoofed message:
  - Send money urgent!
  - Online Banking Alert: Your Account will be Deactivated
  - Remember me? It’s XYZ from ABC Academy!
  - SECURITY NOTIFICATION
  - USPS: Failed Package Delivery
  - Change of Password Required Immediately
  - Urgent Action Required
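The header check described in the list above can be scripted. The following is an added example, not part of the original article: it uses Python's standard `email` module on a constructed sample message, and the function names, domains and IP address are illustrative assumptions. Besides comparing the fields named above, it reads the `Authentication-Results` header in which the receiving server records its SPF, DKIM and DMARC verdicts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all domains and the IP are reserved placeholder values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.com
From: "Example Bank" <alerts@example.com>
Reply-To: helpdesk@example.net
Subject: Online Banking Alert: Your Account will be Deactivated

Body text.
"""

def domain_of(value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def source_ip(raw):
    """IPv4 address in the top-most Received header (added by the receiving server)."""
    received = message_from_string(raw).get_all("Received") or [""]
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return match.group(1) if match else None

def check_headers(raw):
    """Return a list of findings that suggest the visible sender may be spoofed."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for field in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[field])
        if dom and dom != from_dom:
            findings.append(f"{field} domain {dom} differs from From domain {from_dom}")
    # Verdicts the receiving server recorded for SPF, DKIM and DMARC.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} check failed")
    return findings

if __name__ == "__main__":
    print("source IP:", source_ip(SAMPLE))
    for finding in check_headers(SAMPLE):
        print("-", finding)
```

A ‘return-path’ that differs from the ‘from’ domain is also common with legitimate mailing services, so weigh it together with the SPF, DKIM and DMARC verdicts rather than on its own.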
What precautions can you take to dodge spoofed messages?
It is your awareness and presence of mind that can keep you from becoming the victim of an email spoofing attack. Here are some tips to keep in mind when opening an email message received on your personal or official mail ID:
- Always keep the anti-malware software up to date on your system.
- Be cautious of the social engineering tricks used by cyber criminals.
- Always contact the sender of the mail directly before sharing any personal or financial information.
- Never reply to any of the mail addresses mentioned in an email message that you suspect is spoofed.
- You should blacklist/block the mail IDs that you suspect are linked to email spoofing. You can always unblock them once you verify their legitimacy.
- Implement SPF, DKIM, and DMARC records, which can add extra layers of protection to your mail ID.
If, despite being cautious and careful, you click on a fraudulent link or disclose any of your sensitive information, immediately change the password of your email account.
We hope that these simple steps can safeguard you from the risk of becoming a victim of email spoofing. To further strengthen your protection from such cyber-threats, we recommend that you opt for our Individual Cyber Safe Insurance Policy, a first-of-its-kind cyber insurance policy launched in India and designed especially for individuals.