How To Tell If an Email Has Been Spoofed
No matter how careful you are, it seems like you can’t escape email spam. With so many websites reselling email addresses in bulk, chances are that yours is already on a few dozen lists that get sent automated messages on a regular basis.
You could also be a target of an individual scam artist who either chose your address at random or because they have a grudge against you. Long story short, not all emails you get are as legitimate as they seem.
Here are a few ways to find out if someone’s trying to scam you with a spoofed email address.
If you receive suspicious emails from banks, online vendors, friends, or online payment services, you should always look at the credentials. Official emails will almost always include a paragraph or two that show the company’s address and contact information.
Hover over the links in the contact section and check the bottom of your browser to see what type of addresses they redirect you to.
Another trick you can use is to try and match the sender name to the contact address. If, for example, you got an email that seems to be from PayPal but you’re not sure, check the customer service link. If the department’s email address doesn’t end in “@PayPal.com” or “@PayPal.co.uk” or something along those lines, chances are that the email address was spoofed.
Check for Spelling Mistakes
Poor grammar and poor choice of words are telltale signs that an email address may have been spoofed. Before dismissing an email that looks suspicious or clicking on some seemingly interesting links someone sends you, take your time and read everything carefully.
If the spelling seems off but the topic of the email was made to look official, the email is most likely a scam aimed at stealing your personal information or infecting your computer with malware.
Sometimes scammers put a lot of effort into writing these emails, but language can still be a dead giveaway. Say you’ve gotten an email from a longtime friend or former colleague, but the tone and content of the message seem a bit off.
Check for familiar expressions, slang, and shorthands before clicking on any links, downloading any attachments, or replying with the requested information. The grammar may be perfect and the spelling may be OK. However, if the language is too formal or too informal for the sender, this too could be a hint that you’re dealing with a spoofed email address.
Personal Information Requests
Companies that offer services over the internet typically don’t ask for personal information via email. Instead, they use encrypted, password-locked pages and forms to ensure that the information you enter cannot be intercepted by hackers.
If you’ve received an email that reads official, has a believable sender, but asks for personal information such as passwords, usernames, credit card information, and so on, you are likely the target of an attempted online scam.
How to Pull Up Header Information
Most of the time, reading the email header should give you a definitive answer as to whether an email has been spoofed or not.
If you’re using Gmail, click the three-dot icon or “down arrow” next to the reply button. One of the options listed should be “Show original”.
Clicking on this option should open a new tab, where you’ll see a lot of text and code that may be incomprehensible if you have no coding knowledge.
In that wall of text, there are three fields you have to look for:
- Return Path
If the return path doesn’t match the sender, the email could’ve been spoofed. Furthermore, if there are different email addresses in the Received, Received-SPF, and the sender’s name, you may be dealing with a spoofed email address.
How to Check Header Information in Other Mail Apps
If you’re using Outlook, you can check the header information by selecting View > Options. In Outlook Express, the equivalent action can be initiated from Properties > Details.
Yahoo! Mail users can select the Full Headers option to display more information about the sender address.
3. Apple Mail
If you’re using Apple’s mail app, you can open the email, select “View”, and then “Message”. The option “All Headers” should be available. Alternatively, you can just press Shift + Command + H while viewing the suspicious email.
Beware of Spam
Generally speaking, email providers do a good job of filtering out spam emails and sending them to your spam or bulk folders. However, this doesn’t mean that the occasional scam mail doesn’t slip through the cracks.
The more you use your email address to register to various websites or forums, the likelier you are to receive spam email from spoofed email addresses. As with anything else on the internet, if the content of an email you receive seems too good to be true, you should double-check the sender information before clicking on any links or downloading any attachments.