Nextworks Logo
Back to Nextworks  

Email Spoofing

IT Lockdown
   

NEXTWORKS IT SECURITY TRAINING SERIES

Revised March 2022 | Nextworks


Have you received an alert from an acquaintance that they received a peculiar email from you? And, you didn’t send it?

This eventually happens to nearly everyone. (Business and government emails are more commonly affected than personal emails.)

Your likely first reaction is that you are the victim of a hacker.


The Likely Good News

Your email has likely not been hacked. However, you should look in the following places in your Outlook for these common signs from a hacker:

  1. Look in your Sent mail folder for any suspicious email from you.
  2. Look your Deleted Items folder for any suspicious email from you.
  3. Look in your (Email) Rules for any suspicious incoming email rules.

If you don’t see anything out of place, then the emails probably were not sent from you. A good hacker would cover their tracks. But we’re often dealing with bulk spammers, and they usually don’t spend the time to clean up after their dirty work. They merely don’t care.

If you do see something out of place, change your password immediately and contact Nextworks. We can be sure that your email has 2FA enabled to help prevent future occurrences.


The Bad News If You Are Being Spoofed

The spammer is using your name. They use software that develops a database of relationships. They mostly obtain this from social media, the dark web, or hacking large organizations (which you see in the news from time to time).

They figure out who you know. They then send “spoofed” emails to your acquaintances posing to be you.

There is nothing you nor Nextworks can do to stop it. It’s likely they opened a Gmail, Yahoo, or other account, and simply entered your name. They are anonymous.


Conclusion

Anyone can open a free account and privide any name they want. No one can prevent this.

As a result, be cautious of emails you receive. We have written an additional short whitepaper, Email Security Awareness helping you to stay alert.


Q&A

Why doesn’t my spam filter help?

These are personal emails. They are written from one individual to another. They are sent from a legitimate mail provider such as Google, Yahoo, Outlook.com, etc. It’s difficult for a spam filter to detect them all. Many get blocked. Some don’t.

Isn’t there anything at all I can do to clear my good name?

Other than reaching out to people you know, which is likely a rather large list, there isn’t much anyone can do. The receiver of the email merely needs to examine the email address to see that it’s not yours. They share in the responsibility.

Can Nextworks trace the message and stop the spoofing?

Finding the individual who made the fake email account is not feasible. They could be anywhere in the world.

[ Download the PDF version of this document. ]   [ Return to IT Security & Training home. ]

Celebrating our 11th Year Anniversary!