Email Spoofing

What is email spoofing?

Email spoofing is the process of sending an email using a forged email address. This is done with the intended purpose of tricking the recipient into trusting the email and sender. This technique is commonly used in phishing attacks and if successful, your account and device can be put at risk.

The difference between email spoofing and domain impersonation

Firstly, it's important to understand what the difference is between 'email spoofing' and 'domain impersonation'. While both techniques are used in phishing attacks, they do have slight differences which are important to recognise.

Domain impersonation

Domain impersonation involves the sender/attacker impersonating a reputable organisation/domain as closely as possible, but not completely.  An email may come from 'customerservice@amaz0n.co' while the legitimate organisation email is 'customerservice@amazon.com'.

Email spoofing

Using the previous example, email spoofing is when the attacker uses a Simple Mail Transfer Protocol (SMTP) to edit the 'from', 'reply-to', and 'return-path' addresses to appear as a legitimate email from 'customerservice@amazon.com'. This is what makes spoofed emails extremely dangerous, as they appear to be from a legitimate and trustworthy source.

What does a spoofed email look like?

The most common ones we see are emails requesting the recipient to act urgently. There will often be an urgent request for you to respond with contact details or other personal information. They may also request you access a malicious link or attachment in the email.

If you are suspicious and unsure if an email has been spoofed, please examine the email, and look for the following:

  • Use of hidden “Reply-To” headers, which alter the reply address. When you reply to the message, the address will be different to the "from" address shown in the original
  • Sense of urgency – Are you being requested to do something urgently?
  • Request for personal information – Are they requesting personal information such as your contact details?
  • A generic greeting or signature
  • Any suspicious links or attachments

Your account or device is compromised?

If you have engaged with a spoofed or phishing email, there is a high likelihood that your account or device may be compromised. This can happen in a few different ways:

  • Clicking on a malicious link
  • Entering your personal or University credentials into a malicious website
  • Opening a malicious attachment within the email
  • Responding to the email with personal details or credentials

If you suspect this has happened, please reset your UNE password as soon as possible and contact IT Support. We will run through the steps with you to secure your account. If you have provided any personal email addresses or information, it is highly recommended you also change the password for that account. Malicious websites and documents can download and install malware onto your device, running a malware scan using your antivirus should remove any malicious software.

Request IT Help Teamviewer Eduroam