Salesforce

What is email spoofing?

What is it? 

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that the email the recipient receives displays the fraudulent sender address, which most users take at face value. Unless they inspect the header more closely, users see the forged sender in a message. If it’s a name they recognize, they’re more likely to trust it. So they’ll click malicious links, open malware attachments, send sensitive data, and even wire funds.

What can I do?

  • Report the suspicious email. See: How to Report a Suspicious/Phishing Email
  • Never click links to access a website where you’re asked to authenticate. Always type the official domain in your browser and authenticate directly on the site.
  • The steps to view email headers are different for each email client, so first look up how to view email headers for your inbox software. Then open the headers, find the Received-SPF section, and look for a PASS or FAIL response.
  • Copy and paste the content of an email message into a search engine. Chances are that text used in a common phishing attack has already been reported and published on the Internet.
  • Be suspicious of an email supposedly from an official source with bad spelling or grammar.
  • Avoid opening attachments from suspicious or unknown senders.
  • Emails promising riches, or anything else that’s too good to be true, are likely scams.
  • Beware of emails that create a sense of urgency or danger. Phishing attacks often try to short-circuit recipients’ natural skepticism by suggesting that something bad will happen if they don’t act quickly. Treat email links with extra caution if the message warns of pending account closures, scheduled payment failures, or suspicious activity on one of your financial accounts. Visit the website directly through your browser, not the link in the email.
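
The Received-SPF check from the list above can be scripted when you have the raw message source. The Python below is an added example, not Salesforce code: the sample headers are constructed, every domain and IP in them is a placeholder, and the function names are hypothetical. It goes one step beyond the PASS/FAIL lookup by also comparing the visible From domain with the Return-Path domain, because SPF is evaluated against the envelope sender rather than the address shown to the user.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); every domain and IP is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: fail (mx.example.org: domain of bounce@mailer.example.net
 does not designate 203.0.113.7 as permitted sender)
 client-ip=203.0.113.7; envelope-from=bounce@mailer.example.net;
From: "Trusted Bank" <support@bank.example.com>
To: user@example.org
Subject: Urgent: account closure

Body text.
"""

# Result keywords defined for SPF in RFC 7208.
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none", "temperror", "permerror"}


def spf_results(msg):
    """Return the result keyword of every Received-SPF header, in order."""
    results = []
    for value in msg.get_all("Received-SPF", []):
        # Long headers are folded over several lines; collapse the whitespace.
        flat = " ".join(str(value).split())
        first = flat.split(" ", 1)[0].lower()
        results.append(first if first in SPF_RESULTS else "unparsed")
    return results


def check_headers(raw):
    """Summarise what the headers of a raw message say about its sender."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    envelope_domain = return_path.rpartition("@")[2].lower()
    spf = spf_results(msg)
    # SPF is evaluated against the envelope sender, not the visible From line,
    # so a domain mismatch deserves a closer look even when SPF says pass.
    domains_match = bool(from_domain) and from_domain == envelope_domain
    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "spf": spf,
        "domains_match": domains_match,
        "suspicious": not spf or any(r != "pass" for r in spf) or not domains_match,
    }
```

Only the Received-SPF header added by your own receiving mail server is meaningful, since the sender controls any headers that were present before delivery.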

Related Articles: 

How can I tell if an email is real/legitimate/safe? Is it phishing/spam? What should I do?
What do I do if my account is compromised? What if I click on a phishing email?
What type of cyber threats should I be aware of?
