Directive Blogs
Is your Business a Victim of Email Spoofing?
Is your email sending out mass-mail spam messages? Have you ever received a complaint about sending unsolicited ads or obvious spam messages? Have you ever received bounced emails by the boatload that look like they have been sent from your own account, even though you know you didn't send them?
If you are in the above situation, it is likely your email is being spoofed. Email spoofing is where spammers try to trick spam filters by making spam look like it comes from a legitimate address. They do this by manipulating the email header to display your email in the "from" address, hence why you get bounces back and others believe the junk mail is coming from you. This isn't the same as having your email compromised, which is where spammers can actually get into your email account with your password and create havoc. While it's a good practice to change your email password if you notice something fishy, spoofing doesn't need access to your account to get in. Spammers do this because an email is much more likely to get attention if it's from a recognized sender.
What To Do To Resolve Email Spoofing
In some cases, an experienced IT technician can investigate the header of the email and determine the true origin. This won't typically catch the spammer, but it will point the technician to the internet service provider. At that point, the next course of action is to reach out to that ISP and have that IP blocked. This doesn't mean you won't be targeted again; the spammer could simply reinitiate the spoofing process from a computer on a different IP, and you'd need to hunt them down all over again.
Prevention Goes a Long Way
It's very difficult to stop spoofing attacks permanently - businesses need to take action to prevent them. Be aware of phishing attacks (spam emails that link to fake pages meant to look like legitimate website login pages) and ensure you are keeping your anti-malware and antivirus software up-to-date. Unfortunately, it actually doesn't take any negligence to open yourself up to email spoofing, spammers just need to know your email address. Using throwaway email addresses for signing up for accounts is a good way to keep this in check. Use your main email only for correspondence with people, and have a couple email accounts specifically for different accounts on the web. For example, setting up a social@ email for social networks like Facebook and Twitter, or create throwaway accounts for signing up for sites that you don't completely trust. It isn't to say that the websites you sign up for are spoofing your email, but if hackers gain access to your login data for that site, or if the site shares your personal information, it's possible your email could get into the wrong hands. If you suspect that your email is compromised or spamming others, contact us at Directive at 607.433.2200.