These days, most people are quite familiar with the old fashioned type of spam email, and most modern email filters do a reasonable job of keeping those types of spam out of your inbox. However, a more serious threat still impacts unaware users in the form of email spoofing. Fraudulent emails can “spoof” a legitimate email from a legitimate source to trick the recipient into downloading viral attachments or divulging personal information to a criminal source. Some spoofed emails can be quite sophisticated and difficult to detect.
Don’t Blindly Trust “From” Addresses
It is easy to alter an email message to make it appear to originate from a legitimate email address of a legitimate company, when in fact it originated from a spammer. A “From” address naming a company you recognize does not necessarily mean the email is safe. Combined with spammers using logos and images within the body of the email to make it appear official, it can be difficult to distinguish between a real email and a spoofed one.
Only Open Attachments from Trusted Senders
One reason these spoofed emails are distributed is to trick users into downloading attachments that purportedly contain important documents like forms or statements but are actually viruses or malware. Only open attachments when you’re confident about the source. Also be aware of suspicious file types – EXEs are actually programs, not documents, and it’s unusual for a form to be in this format.
Avoid Links in Emails
Another goal of these fraudulent emails is directing users to fraudulent websites that can be as sophisticated as the email itself. These websites will often ask for confirmation of usernames, passwords, or personal information that actually feeds into a database used for fraud or identity theft. Links can be altered to point to a different address than they appear to be for, so it’s better to manually navigate to a website so you know exactly where you’re going.
Confirm with the Ostensible Sender
Finally, if you receive an email from a company that you’re familiar with and do business with regularly, but are distrustful of its authenticity, it’s always a good idea to contact customer service for the company it’s supposedly from. Use contact information that you have on file or have collected from the company’s website versus information found within the suspicious email. The company can usually confirm the authenticity of the email, or help you submit it for investigation if it’s found to be fraudulent.