You've been receiving emails from a friend recently telling you about some "amazing" information with a link that seemingly leads nowhere. When you ask her about the emails, she tells you she didn't send them. Why is this happening? It's probably a case of email spoofing. Email spoofing, used in a large portion of spam, is a modern form of forgery where certain email information is masked in an attempt to trick the recipient into believing the message came from someone else.
Spoofed emails are designed to elicit a certain behavior from you, the email recipient. The goal could be for you to click on a link leading to a website containing malware, to open a virus-laden attachment, or to reply with information that is personal or confidential.
A common way spammers trick you is by using the name of a friend or someone you know in the "From:" field and as the signature. Fraudulent messages often contain urgent requests such as: "Your email account has been suspended," "Help, I'm stuck abroad and need money," or "Please open this invoice." The tactics are nearly endless, but the goal is always the same: to try, through social engineering, to get you to complete an action. After all, you trust your friends. Right?
Not so fast. If you look closely, the "From:" email address is not legitimate, even though the name that appears before it may be. Look also at the email's full headers. You can use these headers to verify the original source of the message. In a legitimate email, the return path (the email address the message was really sent from) will usually match the address that appears in the email's "From:" field. A fraudulent email will show a different address as the return path. In most spoofed emails, the "Reply-To:" address will also be different.
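The header comparison described above can be scripted. The following Python sketch is an added example, not part of the original article; the two sample messages and every address in them are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: display name of a friend, but a different return path
# and a Reply-To pointing somewhere else entirely.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
From: "Alice Friend" <alice@example.edu>
Reply-To: collect@example.org
To: you@example.edu
Subject: amazing information

http://example.invalid/
"""

# Constructed sample: return path matches From, no Reply-To override.
LEGIT = """\
Return-Path: <alice@example.edu>
From: "Alice Friend" <alice@example.edu>
To: you@example.edu
Subject: lunch?

See you at noon.
"""

def _addr(msg, header):
    """Return the lower-cased address in a header, or '' if it is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()

def check_headers(raw):
    """List the mismatches between From and Return-Path / Reply-To."""
    msg = message_from_string(raw)
    from_addr = _addr(msg, "From")
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = _addr(msg, header)
        # An absent or empty header gives no signal either way.
        if other and other != from_addr:
            findings.append(f"{header} <{other}> differs from From <{from_addr}>")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed sample", SPOOFED), ("legitimate sample", LEGIT)):
        print(name, "->", check_headers(raw) or "no mismatch")
```

A mismatch is a reason to look closer rather than proof of forgery: mailing lists and bulk-mail services legitimately use a return path that differs from the "From:" address.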
Spammers get names and addresses through compromised email accounts, which give them access to contact lists. If a friend has his or her email account compromised, then you may become a target for spoofed email. Information about relationships can also be obtained from social network profiles that are public or have weak privacy settings.
What Can Be Done?
Because there's no effective way to stop spammers from spoofing, there's generally nothing you can do about these messages except to delete them. Luckily, spammers tend to abandon address books quickly, moving on to other lists and new targets.
IS&T recommends that MIT email users leverage Spam Quarantine to reduce the number of spam messages that reach their inboxes. Filters can catch most — although not all — unwanted email. Awareness and a keen eye are also crucial to catching these messages.
The bottom line: never open attachments or click links in the body of any email message that seems suspicious. If you do receive a suspicious email from a friend or colleague, you can always pick up the phone to verify its authenticity… they are your friends and colleagues, after all.
If you have any questions, contact the IS&T Help Desk. Stay safe out there!