Spoofing / Impersonation
Email spoofing and impersonation are techniques where a scammer creates an email message with a forged sender address in hopes of deceiving the recipient into thinking the email originated from someone they know or recognize. Scammers will use email spoofing to help disguise themselves as a supervisor, professor, or financial organization to trick users into performing some type of action like purchasing gift cards, or volunteering personal information.
There are various techniques of email impersonation, but there are common trends as well.
Display name spoofing portrays a display name of the person being impersonated while leaving the actual sending email address intact.
Example 1: “Name You Recognize” <nameyourecognize123@gmail.com>
Example 2: ” Name You Recognize ” <nameyourecognize.unc.edu@scammersite.net>
Whenever you receive an e-mail, always check the “From” line, highlight the name with your mouse and look at the full address of the sender.
There will be warning in your Outlook client if you are replying to a non-UNC address.
Question the Content of the Message
Sometimes the best defense against phishing is to trust your instincts. If you receive a message from a supposed known source that appears out of the ordinary, it should raise a red flag. When receiving an unsolicited message, users should always question the content of the message, especially if the message is requesting information, financial favors, or directing the user to click on links or open attachments.
Before responding to any questionable message, perform the following tasks to ensure the message is reliable.
- Ask yourself:
- Was I expecting this message?
- Does this email make sense based on the sender?
- Am I being pushed to act quickly or rush to complete a task?
- Examine the email and look for:
- Sense of urgency
- Unsolicited request of personal information
- Asking for a financial favor like purchasing gift cards
- Generic greeting/signature
- Unfamiliar links or attachments
- Contact the sender of the message through a trusted channel
- If the email appears legitimate, but still seems suspicious, it is best to contact the supposed sender through a trusted phone number or open a new outgoing email message using their real email address found in your address book. Do not reply directly to the message in question.
With impersonations and spoofing on the rise, it is important to remain vigilant and always pause before replying to unexpected or out of the ordinary e-mails.