Spoofs vs. hacks and how to protect your email security
Refreshed November 13, 2023
Originally published: February 18, 2019 - The Daily Memphian by Patrick Tamburrino
Email scams are on the rise, and it seems like we’re receiving multiple items of correspondence every day, ranging from something legitimate-looking to an R-rated sales pitch. It’s important to know the severity of something you may be receiving and how to protect yourself and your account from being hacked.
Spoofs vs. Hacks and Phishing
“Spoofing” occurs when someone sends an email that appears to have come from a particular source. For instance, you may receive an email from a colleague, and the name listed appears correct, but oftentimes there is a misspelling, or it can have a strange-looking email address. In these cases, it is likely that the sender is not who you think it is, and that person is likely attempting to get you to download a virus or to provide personal, private information.
Case scenario: Bob gets an email from Patty. The email header says, “Patty Smith imahacker@outlook.com,” rather than “Patty Smith patty.smith@mycompany.com.” While spoofing is typically less “harmful” than hacking, it can still cause serious damage. If Patty’s request is asking Bob to wire money to an account in an attached PDF (often the case), Bob could cost his company a lot of money without even realizing what happened.
There are a couple of phishing email red flags here. The first is that the email address is not correct, and the second is that Bob isn't expecting the email. If Bob were to act on this spoof, he would be the victim of phishing.
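The first red flag in the case scenario above can be checked automatically. The following is an added example, not part of the original article: it compares the display name in the From header against a directory of known colleagues and flags a familiar (or slightly misspelled) name that arrives from an unexpected address. The directory, the sample messages and the 0.85 similarity threshold are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed directory (assumption): display name -> that colleague's real address.
DIRECTORY = {"Patty Smith": "patty.smith@mycompany.com"}

# Constructed sample messages, labelled by what they represent.
SAMPLES = {
    "legit": "From: Patty Smith <patty.smith@mycompany.com>\nSubject: Lunch\n\nHi Bob",
    "spoof": "From: Patty Smith <imahacker@outlook.com>\nSubject: Wire\n\nSee the PDF",
    "typo": "From: Paty Smith <patty.smith@mycompanny.com>\nSubject: Invoice\n\nHi",
    "stranger": "From: Acme Sales <deals@example.com>\nSubject: Offer\n\nHello",
}


def check_sender(raw_message, directory=DIRECTORY, threshold=0.85):
    """Return (verdict, detail) for the From header of one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip(), addr.strip().lower()
    if not addr:
        return ("suspicious", "no parsable sender address")
    # Find the known colleague whose name is closest to the displayed name,
    # so a near-miss spelling such as "Paty Smith" still counts as a match.
    best, score = None, 0.0
    for known in directory:
        ratio = SequenceMatcher(None, name.lower(), known.lower()).ratio()
        if ratio > score:
            best, score = known, ratio
    if best is None or score < threshold:
        return ("unknown", "display name matches no known colleague")
    # Familiar name, unfamiliar address: the red flag from the case scenario.
    if addr != directory[best].lower():
        return ("suspicious", f"name looks like {best!r} but address is {addr}")
    return ("ok", f"{best} <{addr}>")


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

An "ok" verdict only means the visible name and address agree with the directory; it does not cover the hacked-account case, where the message really does come from the colleague's own mailbox.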
“Hacking” is the more serious breach you should be aware of. If your account is hacked, it means someone was able to fully access your account and send emails and requests from your actual account, pretending to be you. Hacking can occur through password-cracking attempts, or in some cases, when you have clicked on a link and provided information without realizing it.
One example of hacking could be if someone accessed your account and emailed your contacts asking for money or a wire transfer. In these cases, hackers often enable “rules” in your email so that if your banker emails you back to find out if the request is legitimate, you as the user will never see the message because it is sent to a subfolder in your email program, or sometimes it is even deleted altogether. Hopefully, your family, friends and colleagues would know better than to act on such an email, but people often fall prey to these scams and lose money.
How to protect your accounts
Maintain strong passwords and do not use the same password for every login. Also, consider changing your passwords quarterly to keep your information secure.
Periodically check your “sent” email and make sure there are no emails in the folder that you did not actually send.
Once you realize you have been hacked, change your password as soon as possible.
Be sure to keep your system updated and install antivirus software.
Consider enabling two-factor authentication, or 2FA. This is an added layer of protection that requires a user to provide an additional piece of information along with a username and password.
And most importantly, if you ever receive an email from a colleague requesting money, pick up the phone and call that person to verify its authenticity!
While we can’t avoid 100 percent of email scams, if we take the right precautions, we can limit our liability and better maintain our security online. If you want more information about Memphis Cyber Security or ways that we can help, contact us at 901-489-8408.