Unfortunately email addresses can be spoofed relatively easily and an email can arrive in your inbox – apparently sent from someone you know – but they then deny ever sending it. In this respect, email is really no different from traditional letters and parcels, but there is a vast difference in terms of scale and ease with which the spoofing can be perpetrated.
If your (physical) address is publicly available, anyone can send you an unsolicited letter, or send someone else a letter pretending to be you. It is the responsibility of the receiver to establish the authenticity of the sender – and there are many ways to do this. Over the years, people have developed ways to spot confidence tricks, bogus letters or suspicious parcels, but we haven’t yet managed to apply the same thinking to e-communication. Moreover, our default position is to take e-communication at face value.
While you cannot stop it, you can learn how to identify it – firstly by trusting your instincts. Ask yourself if the email sounds authentic – would your colleague really be keen to sell you Viagra, or ask you to help extricate a fortune from a Nigerian bank? If doubts remain, you could study the email header information – but this can be tricky! If you feel the need to delve into the headers to authenticate the source of an email, then your suspicions should already have been raised enough to let good sense prevail – and call us.
In More Detail
Many people these days use webmail services or corporate services where much of the detail of the configuration of mail is hidden from view, but some may remember in the past when mail clients had to be configured with an email address as the “From” address.
Whilst we all would enter our own email address into that field, there is nothing to stop a malicious person from entering any valid address into that field. And by default, the mail systems all the way from the origin of an email to the final destination – you – will not do anything to stop such a forgery taking place.
Spammers have been resorting to various tricks to get through anti-spam defences for years, and they keep trying, because it’s worth money to them.
One of the techniques they use (which appears to be becoming more common) is to use a legitimate address at the institution they are sending to – so if they are sending spam to firstname.lastname@example.org, they will pick out an address that they have on record that matches after the “@”, such as email@example.com.
In fact they will often attempt to send emails from your address to you! Which can be somewhat alarming the first few times you see it. But it is almost always just a spam message.
There are technical ways to determine where a message actually originated, but looking at the content is a far simpler way of judging whether the email is legitimate or not – even if it doesn’t give a definite yes or no answer. Look at the message and who it is from:
- Is it “From” more than one person? Whilst it is technically permitted, it is unusual in the extreme for legitimate emails to come “From” more than one address. If more than one address appears, it is more than likely a spam email.
- Does the “Subject” header match who sent the message? Spammers want to persuade you to buy stuff … or pursue actions that in the end will allow them to dip into your pocket. It is unlikely that the subject on such an email is the sort a co-worker would use.
- Does the “Subject” header match the contents of the message? Surprisingly enough, spammers will often send emails where the Subject has little or no relation to the contents of the message. If it doesn’t seem to match, then it’s a sign that the message may not be legitimate.
- Does the message itself mention money? Or ask you to present some personal details (like the login to an account, etc.)? It’s very often not legitimate.
- Does the message seem a little … excited? Lots of exclamation marks!!! This is another sign that something is wrong.
If the answers to at least two of the above point to a message being spam, then it can be ignored. If you are still in doubt over whether an email is legitimate or not, why not give the other person a call?
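As an added example (not code from the original post), here is how the checklist above could be turned into a small Python filter: it parses a raw message, fires a signal for each check that can be automated (multiple “From” addresses, a message apparently from your own address, talk of money or account details, too many exclamation marks), and applies the “two or more signals” rule of thumb. The two sample messages and the keyword list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not from the original post).  The first is a
# typical "sent from yourself" spam; the second is an ordinary work message.
SAMPLE_SPAM = """\
From: Alice <alice@example.org>, Bob <bob@example.org>
To: alice@example.org
Subject: URGENT!!! Claim your payment now!!!

Please confirm your account login and bank details so we can
transfer the money to you today!!!
"""

SAMPLE_LEGIT = """\
From: Bob <bob@example.org>
To: alice@example.org
Subject: Minutes from Tuesday's meeting

Hi Alice, the minutes are attached. Let me know if I missed anything.
"""

# Constructed list of words that suggest the message is after money or personal details.
MONEY_OR_DETAILS = re.compile(
    r"\b(money|bank|payment|transfer|login|password|account)\b", re.I)

def spam_signals(raw: str) -> list[str]:
    """Return the names of the checklist signals that fire for a raw RFC 822 message."""
    msg = message_from_string(raw)
    from_addrs = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    subject = msg.get("Subject", "")
    # Assumes plain-text parts; multipart messages are flattened to their text/plain parts.
    body = msg.get_payload() if not msg.is_multipart() else " ".join(
        p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    text = subject + "\n" + body
    signals = []
    if len(from_addrs) > 1:             # "From" more than one address
        signals.append("multiple_from")
    if from_addrs & to_addrs:           # apparently sent from your own address
        signals.append("from_self")
    if MONEY_OR_DETAILS.search(text):   # asks for money or personal details
        signals.append("money_or_details")
    if text.count("!") >= 3:            # a little too excited
        signals.append("excited")
    return signals

def looks_like_spam(raw: str) -> bool:
    """The post's rule of thumb: two or more signals and the message can be ignored."""
    return len(spam_signals(raw)) >= 2
```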