How to prevent Email Spoofing attacks
Spoofing is the malicious act of one person pretending to be someone else in order to scam someone. In email, spoofing is the illegal use of your email address by a stranger. The most common use of spoofing is when someone uses your email address as their own to send spam.
Spoofing is also a technique used by computer hackers to gain unauthorized access to our computers by sending a message with an IP address that claims it is coming from a trusted host. This is IP spoofing; there are also email spoofing, content spoofing, and other forms.
Email spoofing is when the sender changes the name in an outgoing email so that it looks like the email came from somewhere or someone else. This practice is often used by spammers to stop people finding out who they are. It also means that when the spam mail is rejected by the addressee’s mail server, the bounce back message goes to whoever was specified in the outgoing mail rather than to the spammer themselves.
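The header mismatch described above can be checked mechanically. The following is an added example, not part of the original article: it parses a constructed sample message and reports where the visible From line disagrees with the other sender headers. The function names and the sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
From: "support@bank.example.com" <notice@mailer.example.net>
Reply-To: collect@other.example.org
To: user@example.com
Subject: Update your account

Please update your information.
"""

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+\.)+[\w-]+")

def domain(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """List header inconsistencies that commonly accompany a spoofed sender."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    findings = []
    # The display name is free text: an address written there can differ
    # from the real sending address shown in angle brackets.
    shown = ADDR_RE.search(name)
    if shown and domain(shown.group(0)) != from_dom:
        findings.append("display-name-address-mismatch")
    # Replies would go to a different domain than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != from_dom:
        findings.append("reply-to-domain-mismatch")
    # Return-Path is where bounce-back messages are delivered. A mismatch is
    # an indicator only: legitimate bulk senders can differ here too.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain(return_path) != from_dom:
        findings.append("return-path-domain-mismatch")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```

A finding is a reason to inspect the message more closely, not proof of spoofing on its own.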
Different types of spoofing include those involving caller ID, email, and uniform resource locators (URLs).
Caller ID spoofing is the use of a computer program to create an incorrect identity and phone number that appears on a caller ID. The development of caller ID allowed people to readily see who was calling without having to answer the phone.
URL spoofing is when a fraudulent, often malicious, website is set up that appears to be a different, legitimate website in order to obtain sensitive information. The false websites can sometimes be used to install viruses or Trojans onto a user's computer, but more often are used to receive information from a user. These types of spoofing can be used to launch a more elaborate attack.
Content spoofing is generally used by hackers to steal sensitive data and information. The hacker uses a method in which the content shown to users appears legitimate but is actually fake, and the user processes all the information.
Phishing is where the hacker or thief sends an email posing as a legitimate firm that you might legitimately do business with. The email will explain something to the effect that you have to update your account or update your information, and typically it will ask you to click on a link.
Spoofing attacks differ from random scanning and other techniques used to ascertain holes in the system. Spoofing attacks occur only after a particular machine has been identified as exposed. By the time the cracker is ready to conduct a spoofing attack, he or she knows the target network is vulnerable and which machine is to be attacked.
Spoofers and scammers obtain email addresses in many ways:
- Scammers write programs that gather email addresses from websites, forums, discussion boards, blogs, and anything else published on the internet.
- Worms and viruses collect email addresses from the address books on the home computers that they infect.
Email spoofing almost always involves sending out fake email messages that either contain advertisements or links to websites selling products, or ask the recipients to enter personal financial information, such as bank account numbers, credit card numbers, passport numbers, etc., into forms on Web sites that are designed to resemble the bank, credit card company, or other company they claim to be.
Spoofing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
Email spoofing attacks can be prevented if the proper precautions are taken, as described below:
- Don't click on the link in an email that asks for your personal information. It will take you to a fake Web site that looks just like the Web site of the real company. First check whether the message is really from the company or not. Call directly or go to its Web site. When you log in to a site using your username and password, check out the other sites you get free with your username and password. Try accessing these. If you can access them without having to log in again, you have found a potential spoof.
- If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information. Be suspicious if someone contacts you unexpectedly and asks for your personal information.
- Check out the list of recent Spoofing attacks and the information about Spoofing Pop-ups.
- Job seekers should also be wary of spoofing attacks. Some publishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Verify the person's identity before providing any personal information.
- To protect against email spoofing attacks, change the password to your email account regularly; programs such as LastPass or RoboForm can help you with these changes. Make sure that your password is strong, using a combination of upper- and lower-case letters, numbers and symbols, and that it is always more than 8 characters.
- Run a scan regularly to ensure there is no malware on your computer.
- People often forget that when they sign up for accounts like Yahoo or Gmail they are asked for an alternative email address. You need to check this email address to make sure that you can still access the account. It is very common for a spoofer to hack this account and remove your login and replace it with their login.
- Alter the security questions that are asked when you sign up for an email account. This is especially important when signing up for online payments. Do not use the same question and answer for all of your accounts.
- Authenticate the key exchange between the computers or end devices on your network. This will minimize the possibility of spoofing on your system.
- Sometimes an account will ask for your phone number and give you a code to verify your identity. As with the security questions, check your account to make sure that your phone number has not been changed; this is the best way to prevent an email spoofing attack.
By following these precautions, you reduce the chance of being hacked and prevent attackers from taking over your account.
At present there is nothing we can do to avoid this attack. If you have been spoofed, please simply delete the bounce back messages. It doesn’t mean that anyone has accessed your email account. You will probably find you receive a few for a short while and then they will stop.