What is Email Spoofing and the Dangers?

What is Email Spoofing and the Dangers?

E-mail Spoofing is the process of changing the sender's email address, name and other routing information of an e-mail message, to make the e-mail appear as if it came from someone else. So, although an email message may have appeared as if it came from someone or has that person's e-mail address in the "From" address line, it doesn't mean it was sent by that person.

Why Cyber-criminals Spoof Email Messages?

E-mail spoofing is so easy to do that it can be done from Microsoft Outlook, Gmail, Hotmail, Yahoo email and other email clients. You can easily send an e-mail to a friend and change the "From address" to info@onlinethreatalerts.com. When your friend receives this email message it will appear as if it came from the Online Threat Alerts (info@onlinethreatalerts.com).

Almost everyone would open an e-mail message if they are familiar with the sender's email address and name. So, this is the reason why scammers and spammers use this technique to trick persons into clicking on malicious/phishing links, opening malicious attachments and e-mail advertisements sent as spam.

An email message contains header information that is used by an e-mail server to route the message to the recipient. This information is not visible to you when you are reading an e-mail message, but it can be viewed from your email client's menu option. It is the header information that is altered in order to spoof an email message.

E-mail Message Header Information

  • FROM Name and Address - this is the sender's name and email address.
  • REPLY-TO Name and Address - this can be the sender's name/email address or another sender's name/email address. If you want to send an email message from one address, but have the recipient reply to another email address.
  • RETURN-PATH Address - this is the e-mail address that the bounced e-mail message will be returned to if it fails to deliver.
  • SOURCE IP Address or “X-ORIGIN” address - this is the IP address of the sender.

It is important that you remember that if you receive a suspicious e-mail appearing as if it came from a legitimate organization (bank, insurance company, school, government institution), family member or friend, contact the sender before clicking on any links, opening any attachments or following any instructions in that e-mail message.

This is because the email message may have been spoofed my cyber-criminals to trick you into opening a malicious attachment or clicking on a malicious link that will infect your computer with a virus, Trojan horse or other malware.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful?  +
Share this with others:
Comments, Questions, Answers, or Reviews
Comments (Total: 3)

To protect your privacy, please remove sensitive or identifiable information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • February 20, 2017 at 12:13 PM by an anonymous user from: Tehran, Tehran, Iran

    How we can recognize the real or scam e-mail?

    • August 25, 2017 at 5:45 AM by info

      Look at the email headers.

    • February 20, 2017 at 12:57 PM by info

      It is very hard to do so, if you are not a tech savvy person. But, you can always follow these guidelines, which will help prevent you from becoming a victim of fake or phishing email messages:

      - never click on a link to sign into your online accounts; always go directly to your online account's websites and sign in from there;

      - do not open unexpected email attachments;

      - always contact the sender of a suspicious email message to verify its authenticity

Comments Show More Comments (2)

Write Your Comment, Question, Answer, or Review

What is Email Spoofing and the Dangers?