A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Spoofing

Type of attack where the source of an email is faked

Spoofing is a type of attack where the source of an email is faked. The attacker writes you an email that looks like it’s from someone you know (perhaps after intercepting a prior email) and tries to gain some information about you. See also Email – Phishing.

Most email clients do not try to detect spoofing, so the only way to be sure of the source of an email is to look for a digital signature. Digital signatures are a way of coding messages so that the content and sender information cannot be altered along the way. Signing and encrypting email are the two best ways to make sure your email is secure.

Protective Measures

Practices

  • Never trust unsigned email: Be suspicious of unsigned email from someone who usually sends digitally signed emails. If you are unsure, contact the sender to check if they sent you the email.
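The check described in this practice can be automated. The following is an added example, not part of the original resource: it flags unsigned mail from senders who normally sign. The sample messages, addresses and the `USUAL_SIGNERS` list are constructed for illustration. It only detects that a signature is present; verifying the signature still requires an S/MIME or OpenPGP-capable mail client.

```python
from email import message_from_string
from email.utils import parseaddr

# Content types that carry a detached signature (S/MIME and OpenPGP/MIME).
SIGNATURE_PROTOCOLS = {
    "application/pkcs7-signature",
    "application/x-pkcs7-signature",
    "application/pgp-signature",
}

# Constructed sample data (assumptions, not from the original page).
USUAL_SIGNERS = {"alice@example.org"}
SIGNED = (
    "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: Report\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"\n'
    "\n--b1\nContent-Type: text/plain\n\nReport attached.\n"
    "--b1\nContent-Type: application/pgp-signature\n\n(placeholder signature)\n"
    "--b1--\n"
)
UNSIGNED_FROM_SIGNER = (
    "From: Alice <alice@example.org>\nTo: bob@example.org\nSubject: Urgent\n"
    "\nPlease reply with your password.\n"
)
UNSIGNED_OTHER = "From: carol@example.net\nTo: bob@example.org\n\nLunch?\n"

def signature_kind(msg):
    """Return the signature type the message declares, or None."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = (msg.get_param("protocol") or "").lower()
        return proto if proto in SIGNATURE_PROTOCOLS else None
    # Opaque S/MIME signing wraps the whole message in one pkcs7-mime part.
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if (msg.get_param("smime-type") or "").lower() == "signed-data":
            return ctype
    return None

def review(raw, usual_signers):
    """Classify a raw message as 'signed', 'suspicious' or 'unsigned'."""
    msg = message_from_string(raw)
    # The From header is exactly what a spoofer fakes, so it is only used
    # to decide whether a missing signature is out of character.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if signature_kind(msg):
        return "signed"  # presence only; the signature must still be verified
    return "suspicious" if sender in usual_signers else "unsigned"
```

A "suspicious" result is the cue to contact the sender through another channel before acting on the message.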

Tools

  • Secure Web email: Some Web-based email providers offer built-in privacy features. However, in order to reap the benefits, both the sender and recipient must use the service. Hushmail is one provider of secure Web email.

  • Digital signatures: Digital signatures let you know that the person who sent you an email is who they say they are and the information in the email was not altered along the way. You can learn how to create digital signatures for your emails on the Microsoft Office site.

Connect Safely from Different Places

Office

Signing and encrypting are particularly important when sending or receiving critical or sensitive business information via email.

On the road

Depending on the email system of your Internet service provider, your email may not be as private as you think. An attacker might be able to get your password, read your email, and impersonate you, without even needing to intercept one of your messages. When you use public computers or public Internet connections, be especially careful about what information you share, since your privacy is most vulnerable in these situations.

Ethical Issues

Since the practice of spoofing involves deception, fraud and dishonesty, it is clearly unethical.

Privacy Issues

Don’t be fooled into giving away any private information over email just because you think you know the sender. No company, organization, or bank should be asking you for private information such as your username, password, or social security number over email. If you are unsure about an email, call the organization to double-check.
