Email spoofing: Recognize and prevent fake emails

Definitions

Email spoofing is when someone sends fake emails that appear to come from you or others.

For example, you might receive a fake email that looks like it’s from a familiar contact or company, or your contacts may receive fake emails that look like they’re from you.

Email spoofing becomes a phishing attempt when someone pretends to be a trusted source to trick you into giving away personal information, like passwords or credit card numbers.

Before you start

✅ Email spoofing has become common; however, a trained eye can detect it quickly.

⚠️ Email spoofing is neither your fault nor a problem with your email service; however, you can take proactive steps to prevent it from happening.

🚨 Email spoofing does not mean you are hacked or your email is hacked. It simply means fraudsters are trying to trick people via fake emails.

❌ Do not engage, interact, or click any links within spoofed emails, and tell your contacts to do the same.

Step by step

Recognize email spoofing

The first step in understanding email spoofing is to recognize it when you see it. To recognize fake emails pretending to be you or someone else, use the common indicators below.

1. Check the sender’s email address: Verify if the sender’s email address matches the company or individual it claims to be from. Often, fake emails will have slight variations or suspicious domains.

2. Look for generic greetings: Be cautious of emails that start with generic greetings like ‘Dear Customer’ or ‘Hello User’ instead of your name. If it’s too vague or looks odd, it’s likely email spoofing.

3. Inspect the email content: Look for spelling errors and for urgent or threatening language that demands immediate action. Legitimate companies usually don’t request sensitive information via email.

4. Analyze links and attachments: Hover over any links without clicking to see the URL. If it looks suspicious or doesn’t match the company’s official domain, it might be a phishing attempt. Never click or open attachments from unknown sources.

5. It’s always about the money: Spoofed emails will often ask for money or payment on ‘invoices’ that look legitimate. They might pressure you to act quickly, claiming urgent issues or immediate payments. Be cautious and verify the sender’s email address and any requests for money before taking action.

6. Trust yourself: Spoofed emails often concern services or accounts you don’t even have. Always trust your instincts, ask ‘Do I even have this service?’, and verify that you do before acting.

Email spoofing varies in quality; some attempts are detailed and convincing, while others are obvious fakes, so be prudent. Let’s look at three visual examples of email spoofing.

  • 1️⃣ Here is an example of a spoofed email pretending to be from LinkedIn, with many errors and oddities that make it obviously fake.
  • 2️⃣ Here is an example of a spoofed email pretending to be from McAfee. Although more convincing, it still contains errors and oddities that reveal it’s fake.
  • 3️⃣ Here’s an interesting ‘personalized’ email with all text and no links, but the request and content align with obvious spoofing tactics, revealing it’s fake.
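Indicators 1 and 4 above (sender address and link destinations) can be checked mechanically. The following is an added example, not part of this guide or any mail client: it parses a single-part HTML message with Python’s standard library, compares the sender’s domain with the brand’s official domain, and reports links whose visible text looks like one URL while the `href` leads somewhere else, which is exactly what hovering over a link reveals. The message below is constructed to resemble the fake “LinkedIn” notice described above; `linkedin-notice.example` is a made-up domain.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased hostname of a URL or bare domain, '' if none
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def on_domain(host, official):  # True for the official domain or any subdomain of it
    return host == official or host.endswith("." + official)

def spoofing_indicators(raw_email, official_domain):  # single-part HTML message assumed
    """Return the sender-address and link indicators (items 1 and 4 above) found in the mail."""
    msg = message_from_string(raw_email)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_domain(sender_domain, official_domain):
        findings.append(f"sender domain {sender_domain!r} is not {official_domain!r}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = host_of(href)
        if host and not on_domain(host, official_domain):
            findings.append(f"link goes to {host!r}, not {official_domain!r}")
        if text.lower().startswith(("http://", "https://", "www.")) and host_of(text) != host:
            findings.append(f"link text {text!r} hides real destination {host!r}")
    return findings

# Constructed sample (not a real message) imitating the fake "LinkedIn" notice described above.
SAMPLE = """From: "LinkedIn" <security@linkedin-notice.example>
Content-Type: text/html; charset=utf-8

<p>Dear User, please <a href="http://login.linkedin-notice.example/v">https://www.linkedin.com/login</a> now.</p>
"""
```

Calling `spoofing_indicators(SAMPLE, "linkedin.com")` yields three findings: the sender domain, the link destination, and the link text that hides it.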

Prevent email spoofing

If you receive a spoofed email, ignore and delete it without interacting. If someone alerts you that they’ve received spoofed emails that appear to be from “you”, follow the steps below.

SPF

Step 1. Make sure the domain name associated with your email address has SPF activated on it

🤔 What is SPF?

SPF (Sender Policy Framework) is an email authentication system that uses DNS to check if a mail server is authorized to send emails from your domain name.

⁉️ How can I check?

✅ If your domain name uses our nameservers, SPF is activated automatically. No action is required by you.

⚠️ If your domain name uses external DNS, a CDN provider (Cloudflare, etc.), or an external email service, you have to activate SPF yourself. Go to this guide for steps: Manage your SPF record

DKIM

Step 2. Make sure the domain name associated with your email address has DKIM activated on it

🤔 What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication system that lets receiving mail servers verify that a message genuinely originated from your domain.

⁉️ How can I check?

✅ If your domain name uses our nameservers, DKIM is activated automatically. No action is required by you.

⚠️ If your domain name uses external DNS, a CDN provider (Cloudflare, etc.), or an external email service, you have to activate DKIM yourself. Go to this guide for steps: Manage your DKIM record

DMARC

Step 3. Make sure the domain name associated with your email address has DMARC activated on it

🤔 What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an authentication system that helps protect your domain name from being used for phishing or spam.

⁉️ How can I check?

✅ If your domain name uses our nameservers, DMARC is activated automatically. No action is required by you.

⚠️ If your domain name uses external DNS, a CDN provider (Cloudflare, etc.), or an external email service, you have to activate DMARC yourself. Go to this guide for steps: Manage your DMARC record
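Steps 1 to 3 come down to three DNS TXT records. The following is an added example, not this provider’s tooling: it audits the answers a TXT lookup (for instance `dig TXT _dmarc.example.com`) would return for SPF, DKIM and DMARC and reports whether each is missing, present but weak, or in order. The record values are constructed, and the DKIM selector name `mail` is an assumption, since selectors differ between email services.

```python
def parse_tags(record):  # 'k=v; k2=v2' tag syntax shared by DKIM and DMARC records
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")  # split on the first '=' only (base64 keys contain '=')
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_email_auth(txt, domain, selector):
    """txt maps a DNS name to the TXT strings published at it; returns a status per mechanism."""
    report = {}
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        report["spf"] = "missing"
    elif len(spf) > 1:
        report["spf"] = "invalid: more than one SPF record"  # receivers treat this as a permanent error
    else:
        last = spf[0].split()[-1].lower()  # the 'all' mechanism decides what happens to unlisted senders
        report["spf"] = "ok" if last in ("-all", "~all") else f"review: ends with {last!r} (expected -all or ~all)"
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    dkim = [t for t in dkim if t.get("v", "DKIM1").upper() == "DKIM1"]  # v= is optional in DKIM
    if not dkim:
        report["dkim"] = "missing"
    elif not dkim[0].get("p"):
        report["dkim"] = "revoked: empty public key"
    else:
        report["dkim"] = "ok"
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        report["dmarc"] = "missing"
    else:
        policy = dmarc[0].get("p", "").lower()  # only quarantine/reject make receivers act on failures
        report["dmarc"] = "ok" if policy in ("quarantine", "reject") else f"monitor only: p={policy or '?'}"
    return report

# Constructed TXT answers (assumed values, not any real domain's records), keyed by DNS name.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.mailhost.example -all"],
    "mail._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY_BASE64"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
}
# The same zone after tightening the DMARC policy from monitoring to quarantine.
FIXED_TXT = dict(SAMPLE_TXT, **{"_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"]})
```

`audit_email_auth(SAMPLE_TXT, "example.com", "mail")` reports SPF and DKIM as ok but DMARC as monitor only; the same call on `FIXED_TXT` reports all three as ok.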