Question: What Is an ‘Email Spoof’? Is It a Type of Phishing Attack?
Answer: Email spoofing, like phone spoofing, is fraud and deception. Spoofing is the most common form of the modern con game called ‘phishing’.
The word “spoof” means “falsified”. In a spoofed email, the sender purposely alters parts of the message to masquerade as someone else. Commonly, the sender’s name/address and the body of the message are formatted to appear to come from a legitimate source, such as a bank, a newspaper, or a legitimate company on the Web.
Sometimes, the spoofer will make the email appear to come from a private citizen, or from someone within the business you work at.
In many cases, the spoofed email is part of a phishing (con man) attack. In other cases, a spoofed email is used to dishonestly market an online service or sell you a bogus product like scareware.
What Does a Spoofed Email Look Like?
Here are some examples of phishing emails that are spoofed to appear legitimate.
Why Would Someone Fraudulently “Spoof” an Email?
Purpose 1: the email spoofer is trying to “phish” your passwords and login names. Phishing is where the dishonest sender hopes to lure you into trusting the email. A false (spoofed) website will be waiting off to the side, cleverly disguised to look like a legitimate online bank website or paid Web service, like eBay. Far too often, victims will unwittingly believe the spoofed email and click through to the false website. Trusting the spoofed website, the victim will enter his password and login identity, only to receive a false error message that the “web site is unavailable”.
During all of this, the dishonest spoofer will capture the victim’s confidential info, and proceed to withdraw the victim’s funds or perform dishonest transactions for monetary gain.
Purpose 2: the email spoofer is a spammer trying to hide his true identity, while still filling your mailbox with advertising. Using mass-mailing software called “ratware”, spammers will alter the source email address so that it appears to belong to an innocent citizen, or to a legitimate company or government entity.
The purpose, like phishing, is to get people to trust the email enough so that they will open it and read the spam advertising inside.
How is Email Spoofed?
Dishonest users will alter different sections of an email so as to disguise the sender as someone else. Examples of properties that are spoofed:
- FROM name/address
- REPLY-TO name/address
- RETURN-PATH address
- SOURCE IP address or “X-ORIGIN” address
The first three properties can be easily altered using the settings in Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth property above, the IP address, can also be altered, but it usually requires more sophisticated knowledge to make a false IP address convincing.
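As an added example (not part of the original article), the following Python code checks the three header properties listed above against each other on a constructed sample message. The domains and the message itself are made up for illustration; the check only reports where the FROM, REPLY-TO, RETURN-PATH and the last relay hop disagree, which is a common sign that one of them was altered.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not from the original page). The From header
# claims a bank, while Reply-To and Return-Path point at unrelated domains.
SAMPLE_RAW = """\
Return-Path: <bounce-7f3@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.example.com with ESMTP; Tue, 04 Jun 2024 10:00:00 +0000
From: "First Bank Security" <alerts@firstbank.example>
Reply-To: "First Bank Security" <verify-account@free-mail.example>
To: customer@example.com
Subject: Urgent: verify your account

Please log in at the link below to restore access.
"""


def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw):
    """Compare the sender-related headers and return a list of mismatch findings.

    An empty list means From, Reply-To, Return-Path and the last hop all agree.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # The first Received header is the most recent hop. Mail that really came
    # from the From domain is unlikely to be handed over by an unrelated host.
    received = msg.get_all("Received") or []
    if received and str(received[0]).startswith("from "):
        hop = str(received[0]).split()[1].lower()
        if not hop.endswith(from_dom):
            findings.append(f"Last hop {hop} is outside From domain {from_dom}")
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE_RAW):
        print(finding)
```

Running it on the sample prints one line per mismatching property; a message whose headers all share the From domain yields no findings.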
Is Email Spoofed Manually by Dishonest People?
While some spoof-altered emails are indeed falsified by hand, the great majority of spoofed emails are created by special software. The use of mass-mailing “ratware” programs is widespread amongst spammers. Ratware programs will sometimes run massive built-in wordlists to create thousands of target email addresses, spoof a source email, and then blast the spoof email to those targets. Other times, ratware programs will take illegally-acquired lists of email addresses, and then send their spam accordingly.
Beyond ratware programs, mass-mailing worms also abound. Worms are self-replicating programs that act as a type of virus. Once on your computer, a mass-mailing worm will read your email address book. Then the mass-mailing worm will falsify an outbound message to appear sent from a name in your address book, and proceed to send that message to your entire list of friends. This not only offends the dozens of recipients, but tarnishes the reputation of an innocent friend of yours. Some well-known mass-mailing worms include Sober, Klez, and ILOVEYOU.
How Do I Recognize and Defend Against Spoof Emails?
As with any con game in life, your best defense is skepticism. If you don’t believe that the email is truthful, or that the sender is legitimate, then simply don’t click on the link or type in your email address.
If there is a file attachment, simply don’t open it, lest it contain a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.