What is email spoofing? A spoofed email is one in which the sender purposely alters parts of the email to look as though it was sent by a legitimate party. Typically, the sender’s name or email address and the body of the message are made to appear as though they are from a legitimate source such as a bank, a credit card provider, a government agency, or some other legitimate source. In most cases, the spoof is part of a broad attempt at a phishing attack. In others, they are meant to rope us into selling us a bogus bill of goods.

How Is Email Spoofed?

Miscreants (persons who misbehave/break the law) can alter portions of an email to disguise themselves. Examples of properties that can be spoofed include: from, reply to, or even originating IP address, among others. Most of these can be easily changed by sophisticated spammer software.
How can I protect myself? To put it simply, your best defense is skepticism. If you’re unsure, don’t open a message and click on any attachments or links within. Since spoofing is a type of impersonation, you really can’t remove them. You can protect yourself with a little common sense and discretion while browsing, answering emails, even if you think they are trustworthy.

Tips for Prevention.

Here are a few tips you can use to prevent spoofing. First, don’t reply to any email asking for account or login information. If the email appears from someone you know, send them a separate email to confirm. Remember, businesses do not typically contact you for information they already have on file. Second, if the email instructs you to log into a website, don’t click on the embedded link, type in that company’s website URL into your browser to verify. Third, keep your anti-virus software up-to-date. This can help catch and destroy viruses.
What happens if you accidentally open an email or a link that contains a virus? If you are at work, contact your IT department immediately. If you are at home and have questions, contact the ITC Help Desk. Call 24/7 at 1.888.217.5718.

Call Spoofing.

So far, I’ve talked about email spoofing, but I’d be remiss if I didn’t mention that this type of behavior happens as well with phone calls. This is to include both your landline and your cell phone. I get these calls often, and I’m guilty of answering at times. Mostly I don’t, but every so often, it happens to be incoming “from” a spoofed local number. How do I not answer? Maybe it’s from someone I know – perhaps someone from one of the local groups I’m involved with is calling. It’s usually easy to realize that this is not something legitimate. If it’s someone that calls me out of the blue, I will either hang up immediately or call the company directly.

In summary – with both email and phone calls, it can be frustrating. But if you proceed with caution, that’s still your best defense!