Have you ever received a “spoofed” spam/virus/phish email that claimed to be from the party you know and trust?Or, to rephrase the question, how many do you get every day?
A technique where an illegitimate sender deliver an email message pretending to be from someone else is called “email spoofing”.
Spammers, scammers and criminals have found that recipients are much more likely to take desired action if the email appears to be sent from a known organization, such as their ISP, their bank, PayPal, eBay etc.
There are generally four types of email spoofing:
Spammers are using email spoofing with one particular objective on their minds: to get you to buy their products. Spam is frustrating, eats up our time and is illegal in many countries, but it is significantly less dangerous than the other types of email spoofing abuse.2. Phishing
In a phishing attack, a fraudster spams the Internet with email pretending to be from a trustworthy e-commerce website or a financial institution. The email asks the recipient to click on a link to carry out a transaction or to change their personal profile. The link takes the recipient to a fake website which looks just like the original one. All the sensitive information entered by the vicitim (such as the credit card information, social security number, address etc.) will be sent to the scammer. They often thrive on fear (i.e. “Your account is suspended – click to revive”, “Update your status or your account will be locked” etc.). This is a very dangerous form of email spoofing and can result in heavy financial loss to its victim. Be careful. Assume that your financial institution will never email you asking to “click on the link and update your profile, or else”. If you have to change your account’s profile, then open up your browser and manually type in the website address instead.3. Viruses
Viruses have evolved and their programmers employ various social engineering tricks in the attempt to spread their creations as much as they can. Viruses will often spoof the headers, pretending to be sent from a reputable party (i.e. the ISP of the victim) and asking the recipient to open the attachment which will install the virus and spread it around. It should be noted that some of the content sent by viruses may feel genuine. Don’t be fooled. Install an up-to-date anti-virus software and keep it up and running at all times. If you are using Outlook Express, consider switching to a safer email program, such as Mozilla Thunderbird. Even then, be very cautious of any email message that asks you to launch an attached file, even if it claims to be from your friend or your ISP.
A few days ago we received an email from a customer who was worried that he got a message from us that we were shutting down our servers for the next two days.
It looked like this:
Dear user of GetResponse.com e-mail server gateway, Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.For details see the attached file.Cheers,
The GetResponse.com team http://www.getResponse.com
This email is fake and was never sent by us — it’s a virus that pretends its a message from us, asking the user to “see the attached file” which will spread the virus.4. Joe-jobs
A “joe-job” is essentially a spam designed to look like its coming from someone else, in a malicious attempt crafted to hurt the victim and to pin the blame on them. The original “joe-job” took place in 1996 when Joe Doll was accused for spamming he didn’t do. Full story is available here.At GetResponse we were hit with several joe-jobs over the last 7 years. We believe that most of them were initiated by frustrated customers who lost their accounts due to spamming, but our evidence shows that at least one such joe-job was initiated by our competitor who sent a spam-like email that pretended to be from us. Not nice, but negative karma bites back eventually!
What can be done to prevent email spoofing?
When it comes to dealing with spoofs, your ISP/email service provider can implement an anti-spoofing system (such as SPF) that will significantly reduce the number of incoming spoofs.
If you have recently received a spoof claiming to be sent from a provider such as @getresponse.com, @hotmail.com, @aol.com, @rr.com etc., chances are that your ISP hasn’t implemented SPF.
As your ISP/email provider, they are responsible for your safety and should not ignore the dangers of email spoofing.
There are a few things you could do.
1. Do nothing and continue to receive spam, phishing attempts and viruses, hoping that you will not become one of their victims.
2. Change your ISP to one that respects the safety of your Internet experience.
3. Contact your ISP and let them know how you feel about this problem.
I recommend that you send an email to your ISP at:
firstname.lastname@example.org and email@example.com (domain.com being your ISP’s domain name). You may use the following template, or come up with your own message:
Subject: URGENT – email spoofing at [ISP name] Prority: High Dear [ISP name] Postmaster,I am an [ISP name] customer and I am very
concerned about the fact that you are not doing
enough to protect me and your other users against
email spoofing.Recently, I have received a malicious email that
claimed to be sent from a party that I trust.
I do not wish to receive such emails.
This would not have happened if your email system
was using a widely adopted anti-spoofing solution
such as SPF. It is spreading rapidly and is currently
employed by most of the major ISP/ESP providers.
Another implementation is Yahoo’s Domain Keys.
For more information on these standards, please
review the following sites:
As an ISP/email provider you are responsible for
ensuring the safety of your members’ Internet
experience and as your customer I insist that you
take this matter very seriously.
I am looking forward to hearing from you soon.
You could also get in touch with their Customer Support Department by phone and ask for this issue to be escalated to the appropriate department.This is not an effort in futility. I know several cases of ISPs that had been considering implementing an anti-forgery solution but didn’t really implement it [b]until[/b] their customers started complaining.At GetResponse staying on top of the latest email trends and solutions is our top priority, as to ensure the highest possible email deliverability for our users. Technologies like SPF and DomainKeys are dramatically helping in the battle against forged email, but are only partially effective unless more ISPs are on board.
If your ISP/ESP hasn’t seen the light yet and is letting forged email messages into their mail systems, please get in touch with them and help to make a difference. Your mailbox will thank you.
Simon Grabowski, CEO of GetResponse, an Implix Company.
GetResponse is an opt-in email service provider with over
7 years of managing autoresponders, newsletter hosting
and follow-up for small businesses and large corporations.
Learn more: http://www.GetResponse.com
This article has originally appeared on GetResponse Blog.