Spoofs - Email in Disguise

October 27, 2016

Fall has arrived in MN with leaves changing color, and the approach of Halloween brings with it candy, costumes, hay rides, haunted houses, and scary movies. Unfortunately, it isn’t all harmless tricks or treats out there; one place that can be especially scary is the Internet! Tricksters are busy creating harmful hoaxes in the form of email spoofing that impersonates you to your online family & friends. This trick snares even the savviest people because of its clever disguise, worthy of 1st place in a costume contest.

First of all, what is spoofing? 

Spoofing is defined as:

1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).

What is email spoofing?

Email spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you (when it really isn’t) – in order to trick people into opening it. Boo! These spammers are Masters of Disguise! Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by someone they know.

What's the difference between being hacked and spoofed?

Your Sent Folder may offer the best clue to whether you have been hacked or spoofed.

  • If you DO find email in your Sent Folder that you did NOT send: Your account has been compromised (hacked). Contact the Tech Desk ASAP at techdesk@stthomas.edu or 651.962.6230.

  • If you DO NOT find any strange email in your Sent Folder: Your account has most likely been spoofed.


How can I protect myself from being tricked by a spoofed email?

  • Learn to read email message headers and check domain names and IP addresses. Nearly all email programs will let you float your mouse over an email address (or link in an email). What you see pop up should be identical to what you are floating over. If it is something different, then it is probably spam or phishing for information.

  • Use your spam filters. Nearly every free (and paid) email service has spam filters and junk boxes. If something goes to your junk mail, don’t simply unblock it. Investigate the email, even if it looks like it’s coming from someone you know. Make sure that it really did come from that person and that they intended to send it to you.

  • Never click an unexpected link or download an unfamiliar attachment. Nearly all major companies have policies requiring that, if they need you to click a link to their site, they include some sort of identifying information such as your name or the last four digits of an account number. Pay special attention to that. Too many people see a generic email that simply says “Your account has been compromised, click here to validate.” No legitimate bank or institution will ever send that. They would say “Dear Tommie Cat, We believe your account has been compromised, please call us at XXX-XXX-XXXX.”
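
As an added example (not part of the original post), here is one way to do the header check from the first tip above in Python. The sample message, its addresses, and the `spoof_indicators` helper are all constructed for illustration; a mismatch is a reason to look closer, not proof of spoofing, since legitimate mailing services can also use a different Return-Path.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and address is made up.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
    by mx.example.com; Thu, 27 Oct 2016 09:12:03 -0500
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=example.com
From: "Tommie Cat" <tommie.cat@example.com>
Reply-To: tommie.cat@freemail.example.org
To: friend@example.com
Subject: Quick favor

Please open the attached file.
"""

def domain(value):
    """Return the lowercased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return (findings, sender_ips) for a raw message with full headers."""
    msg = email.message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Verdicts your own mail server recorded for SPF, DKIM and DMARC.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()):
        if result in ("fail", "softfail"):
            findings.append(f"{check} result is {result}")
    # The topmost Received header is the one your own server added.
    received = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else []
    return findings, ips

if __name__ == "__main__":
    problems, sender_ips = spoof_indicators(SPOOFED)
    print("\n".join(problems))
    print("Connecting IP:", sender_ips)
```

To try it on a real message, save the message with its full headers (most email programs offer "Show original" or "View source") and pass the text to `spoof_indicators`.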