Focus area: Spoof and spam

Email spoofing is the practice of making an email look like it came from someone else. For example, if you own a business, an attacker could forge your domain name (the part of your email address after the @) and send out emails that look like they came from you. If your personal account is spoofed, an attacker may send emails to people you know, pretending to be you.

Illustrative graphic of a spook standing at a door. His shadow does not match his body, implying he is not who he claims to be.

Types of spoofing

Sender name is a trusted source

Illustrative graphic of a spook with a sky-blue hat peeking out of an envelope

When you receive a spoofed email of this type, the sender’s display name is someone you know, but the email address behind it is not theirs. The From field could look something like this: Sam Smith <rl20776v@example.com>.

‘From’ field is a close match

Illustrative graphic of a spook with a green hat peeking out of an envelope

At other times, the address in the ‘From’ field uses a domain that looks similar to that of the business being impersonated. So you might get an email from sender@example.org when the real address is sender@example.com. This is called domain impersonation (a look-alike domain), and scammers frequently use it when sending out phishing links.

From field is an exact match

Illustrative graphic of a spook with a red hat peeking out of an envelope

This type of spoofed email is the hardest to identify because the From address is exactly the one it is impersonating. Attackers can do this when the impersonated sender’s domain does not have the right controls in place (SPF, DKIM and DMARC, see below) to stop spoofing. You can sometimes spot it because the attacker has set a different Reply-To address: when you hit reply, the address you are writing to changes to one that is not the sender’s.

Why do attackers spoof emails?

Scammers send out emails pretending to be someone you know and trust so they can get their hands on your personal information, your passwords and eventually, your money. 

Some online scammers spoof your email address to extort money from you. When this happens, you will see a message in your inbox that appears to have come from your own email. The sender claims they have hacked into your account and recorded your internet activity. They threaten to make your videos or internet search history public if you don’t pay them. While it can be easy to believe an email like this, it is usually a bluff. You can read more about extortion scams on Own Your Online. 

In a less common scenario, scammers spoof your own email address and target you with spam or phishing emails. Because these messages appear to come from your own address, blocking the sender would also block your own mail, so you cannot simply block them.


Spoofing is different from business email compromise

When your email address is spoofed, the attacker has made it appear like the email came from you but does not actually have access to your account. 

A business email compromise happens when an online attacker succeeds in getting access to your organisation’s email. They can then target your contacts to try to get money or personal details.

Spot a spoofed email

Illustrative graphic of a faceless person surrounded by red flags

If you get an email from a friend, an agency or a company you know that is asking you to make a payment or to click on a link, your first instinct is to check the email address. But if the address has been spoofed, it can be easy to mistake it for a genuine message. Before you click on a link or send money to anyone – even someone you know – watch out for these common red flags.

  • Were you expecting a message from this person or organisation? If it has appeared unexpectedly, it may be a scam.
  • If the email contains a link it is asking you to click, treat it as a likely phishing email. Do not click the link; mark the email as spam or report it.
  • If you are unsure, contact the sender directly on a phone number you already have for them, not one given in the email, to confirm that they sent you the invoice or email.

Stop your email from being spoofed

If your organisation’s email is being spoofed to send email to your customers, you need to make sure your SPF, DKIM and DMARC DNS records are configured correctly. SPF lists the servers allowed to send mail for your domain, DKIM adds a signature that receiving servers verify against a public key published in your DNS, and DMARC tells receiving servers what to do (monitor, quarantine or reject) with messages that fail both checks for your domain.
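What “configured correctly” means in practice, as an added example that is not CERT NZ code: constructed DNS TXT answers for a well-configured domain (example.com) and a weakly configured one (weak.example), a DMARC evaluation that applies the published policy the way a receiving mail server does under RFC 7489 (the SPF and DKIM verification results are supplied as inputs, as they would appear in an Authentication-Results header), and a small audit of the records. The domain names, selector, report addresses and IP ranges are placeholders, and the DKIM public key is a placeholder string.

```python
# Constructed DNS TXT answers (placeholders, not real records).
# example.com is set up as the page recommends; weak.example shows common gaps.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r",
    "weak.example": "v=spf1 ip4:198.51.100.7 ~all",
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
}
PUBLIC_SUFFIX_2LD = {"co", "org", "govt", "net", "ac"}  # simplified stand-in for the Public Suffix List

# Constructed receiver-side results for four messages claiming From: example.com.
SAMPLE_MESSAGES = {
    "genuine": {"from_domain": "example.com", "spf": "pass", "envelope_from_domain": "example.com",
                "dkim": "pass", "dkim_d": "example.com"},
    # The attacker's own domain passes its own SPF and DKIM, but neither identifier aligns with From.
    "exact_match_spoof": {"from_domain": "example.com", "spf": "pass", "envelope_from_domain": "attacker.example",
                          "dkim": "pass", "dkim_d": "attacker.example"},
    # Third-party bulk mailer: bounce subdomain satisfies relaxed SPF alignment (aspf=r).
    "bulk_mailer": {"from_domain": "example.com", "spf": "pass", "envelope_from_domain": "bounce.example.com",
                    "dkim": "fail", "dkim_d": ""},
    # Signature from a subdomain verifies, but adkim=s demands an exact domain match.
    "strict_dkim_subdomain": {"from_domain": "example.com", "spf": "fail", "envelope_from_domain": "example.com",
                              "dkim": "pass", "dkim_d": "mail.example.com"},
}


def org_domain(domain: str) -> str:
    """Organizational domain: last two labels, or three under e.g. .co.nz."""
    labels = domain.lower().split(".")
    two_part = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in PUBLIC_SUFFIX_2LD
    return ".".join(labels[-3:] if two_part else labels[-2:])


def parse_tags(txt: str) -> dict:
    """Split a 'k=v; k=v' DMARC record into a dict of lower-cased tags."""
    return {k.strip().lower(): v.strip()
            for k, _, v in (p.partition("=") for p in txt.split(";")) if k.strip()}


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """RFC 7489 identifier alignment: 's' needs an exact match, 'r' the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(msg: dict, dns: dict = DNS_TXT) -> dict:
    """Apply the From domain's DMARC policy to the SPF/DKIM results a receiver computed.

    A message passes DMARC only if SPF or DKIM passed AND that identifier aligns with From.
    """
    from_domain = msg["from_domain"].lower()
    record = dns.get(f"_dmarc.{from_domain}") or dns.get(f"_dmarc.{org_domain(from_domain)}")
    if not record:
        return {"dmarc": "none", "disposition": "none"}  # unprotected domain: spoofs sail through
    tags = parse_tags(record)
    spf_aligned = msg.get("spf") == "pass" and aligned(
        msg.get("envelope_from_domain", ""), from_domain, tags.get("aspf", "r"))
    dkim_aligned = msg.get("dkim") == "pass" and aligned(
        msg.get("dkim_d", ""), from_domain, tags.get("adkim", "r"))
    if spf_aligned or dkim_aligned:
        return {"dmarc": "pass", "disposition": "none"}
    policy = tags.get("p", "none")
    if from_domain != org_domain(from_domain):
        policy = tags.get("sp", policy)  # sp= overrides p= for subdomains when present
    return {"dmarc": "fail", "disposition": policy}


def audit_domain(domain: str, selector: str, dns: dict = DNS_TXT) -> list:
    """Flag missing or weak SPF/DKIM/DMARC settings for a sending domain."""
    findings = []
    spf = dns.get(domain, "")
    if not spf.startswith("v=spf1"):
        findings.append("no SPF record")
    elif not spf.endswith("-all"):
        findings.append("SPF does not end in -all (softfail/neutral lets spoofs through)")
    if not dns.get(f"{selector}._domainkey.{domain}", "").startswith("v=DKIM1"):
        findings.append("no DKIM record for selector")
    dmarc = parse_tags(dns.get(f"_dmarc.{domain}", ""))
    if dmarc.get("v") != "DMARC1":
        findings.append("no DMARC record")
    elif dmarc.get("p", "none") == "none":
        findings.append("DMARC p=none only monitors; use quarantine or reject")
    return findings


if __name__ == "__main__":
    for label, msg in SAMPLE_MESSAGES.items():
        print(f"{label:24} {evaluate_dmarc(msg)}")
    for domain in ("example.com", "weak.example"):
        print(f"{domain:24} {audit_domain(domain, 'selector1') or 'no findings'}")
```

The exact-match case is the one worth studying: the attacker’s mail passes SPF and DKIM for the attacker’s own domain, and it is only the alignment step, tying those results back to the From domain, that fails it. With p=reject published, a receiving server that honours DMARC drops the message; with p=none, or no record at all, the same spoof is delivered.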

Talk to your IT provider if you need help with this. 

Prevent your email from being spoofed - Own Your Online

If your personal email is being spoofed, you can report it to your email provider. If you receive extortion messages from your own email address, do not pay the ransom amount. You can report the incident to us using the online reporting form. 

Report an incident - business and individuals | CERT NZ