What is email spoofing and how do you secure it?

Not everyone knows what phishing is, how it works, or how to avoid it. In short, it is an activity in which cybercriminals set different kinds of traps with the intention of obtaining valuable information about you. Often they try to get information about where you have accounts: banks, card companies, PayPal, etc. As a student, you cannot afford to have your sensitive personal information stolen, so read on and learn how to avoid email spoofing.

Email spoofing
Cybercriminals use different techniques to make their "fake" emails look like official emails and messages from, for example, SKAT, Danske Bank, Nordea and similar institutions and public authorities. They do so by making their emails and messages look as if they were sent by a person or company you trust.

This technique is called e-mail spoofing. It can be defined as a method in which cybercriminals use the valid email addresses of other people or companies to send you phishing emails and messages.

For example, you can receive an email that appears to come from your bank and looks fully valid because the email ID is related to your bank. The only difference between the mails that come directly from your bank and the spoofed ones is that the spoofed emails will typically ask you for personal and financial information and try to get you to click on a link they have sent. It's important that you never click on links in emails when prompted to update some information, as you never know when it is a phishing attempt. Therefore, we recommend that you always enter the web address manually in such cases.

How does email spoofing work?

If you have looked at the account configuration in your email client, you know that the outgoing server always uses SMTP, also called the Simple Mail Transfer Protocol. All users use SMTP when sending an email. However, this protocol can be exploited, which is why not all spam ends up in the spam folder.

The protocol was updated in 2008, but it still does not contain any filters that can distinguish between original and manipulated headers.

When you send an email using webmail or an email client, the webmail service or client attaches a header to the email so that the recipient knows where it comes from and trusts that the mail is valid. Unfortunately, these headers can easily be exploited and edited manually.
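Because the headers are just text supplied by the sender, a recipient-side check can only look for inconsistencies between them. The following Python sketch is an added example, not part of the original article: it compares the visible From: domain with the Return-Path and Reply-To domains. The two messages and all example.com / example.net / example.org addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank" <support@bank.example.com>
Reply-To: accounts@example.net
To: student@example.org
Subject: Update your account information

Please confirm your details.
"""

LEGIT = """\
Return-Path: <support@bank.example.com>
From: "Example Bank" <support@bank.example.com>
To: student@example.org
Subject: Your monthly statement

Your statement is ready in online banking.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_mismatches(raw_message):
    """List headers whose domain differs from the visible From: domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return ["From: header missing or unparseable"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        if other and other != from_domain:
            findings.append(f"{name} domain {other} differs from From domain {from_domain}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, header_mismatches(raw) or "no mismatch found")
```

A mismatch is a warning sign rather than proof, since some legitimate senders use a different bounce address. An empty result proves nothing either, because every one of these headers can be edited.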

How to protect yourself from email spoofing


Many of the rules that protect you against email spoofing are the same as those for phishing.

  • If you receive an email that does not immediately make sense, it is recommended that you delete it.
  • If the e-mail comes from a financial institution asking you for a password or other personal / financial information, please contact the financial institution to confirm that they have sent you the e-mail.
  • Never click on a link that is included in an email - always enter the address into the browser's address bar manually.
  • Consider using anti-virus software such as AVG Internet Security that includes anti-spam technology capable of blocking email spoofing attempts.
  • Always notify the impersonated institution if you receive an email in their name. When you inform the institution, you can also CC "cert@cert.org", so cybercrime units can also look at it.
  • If you use email clients like Mailbird, Opera Mail, Microsoft Outlook from Microsoft Office or Mozilla Thunderbird, you should always mark suspicious email messages as spam or junk. That way you slowly "teach" your e-mail client to sort out fake and fraudulent emails, and your inbox will be far cleaner and free of potential spoofed emails.

These rules are the most common ways to protect yourself, but the best way to protect yourself is by using a digital signature. If you send a digitally signed e-mail, the e-mail client at the receiver's end will analyze the header to check for manipulation. If it finds something suspicious, it will notify you when you try to open the email.