What is email spoofing and phishing?
Email spoofing is a type of impersonation scam in which email messages are carefully designed to look like they come from trustworthy sources. When a spoofed email message prompts a user to perform an action, such as clicking on a malicious link, sending sensitive data, or transferring funds, it is also considered a phishing attack.
Spoofing & Phishing:
Currently, outgoing email servers are unable to authenticate the legitimacy of sender addresses associated with outgoing messages. Attackers exploit this vulnerability to carry out scams by altering sender addresses, recipient addresses, reply-to fields, or even parts of the email body.
Spoofed emails and phishing attacks can be convincing, which is part of what makes them so dangerous. They slip under the radar easily, especially if the sender seems familiar, or presents a plausible concern, such as informing you of an account breach or cancellation. Email spoofing scams can be an effective way to:
- Deceive victims into providing sensitive information, such as social security information, financial details, account credentials, and so on, that can lead to identity theft and financial loss
- Distribute malware onto devices or networks
- Spread disinformation from special interest groups
Recipient servers and antimalware protection on your devices should help filter out undesirable messages—but to stay safe, update your system protection and regularly back up your data. Consider adding multifactor authentication and strong passwords on your email address(es) and any accounts affiliated with it (or them). You’ll still need to stay vigilant and remember that certain details can be tip-offs:
- COMPARE EMAIL ADDRESS AND DOMAIN—Is the email address suspicious in any way? Does it match the domain name of the original sender, with no typos, digits replacing letters, or look-alike domains?
- CHECK LANGUAGE AND SPELLING—Are there any spelling inaccuracies or issues with the language flow of the message?
- LOOK FOR MISMATCHES—Is there a difference between the sender’s name and the sender’s email address?
Example: Person Name <DoesNotMatchThePersonsName@gmail.com>
- IS IT OUT OF CHARACTER?—Does the sender’s message have a greater sense of urgency than their usual communications do?
- Avoid clicking on links or attachments, as these may contain malware or take you to malicious websites.
- Perform a search for related scams by copying and pasting the email content into a search engine. Chances are, it may have been reported somewhere already.
- Report the email to the entity being spoofed so that they are aware of the impersonation and can take steps to warn others.
- Delete the email once you’ve taken steps to report it; you don’t want to accidentally interact with it at a later time.
SPOOFED EMAIL EXAMPLE
Here’s an example of what a spoofed email might look like. What do you notice about it that looks out of line? Take a look at the “from” email address. If it is not from info@sbgecu.org or info@southbridgecu.com, it is NOT from us, and you should mark it as spam.
SCU will never contact you by email asking you to update your account information. If you are ever unsure of a communication you’ve received from us, please call a branch office at 888-599-2265. This phone service is available 24/7/365. If you call outside of our normal business hours, please listen to and follow the prompts.
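The sender checks from the list above (compare the address and domain, watch for look-alike domains, and look for a name that does not match the address) can also be automated. The following is an added example, not code from SCU. It uses the two legitimate addresses named on this page; the digit-swap table, the edit-distance threshold, and the warning codes are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# The only legitimate sender addresses named on this page.
TRUSTED_ADDRESSES = {"info@sbgecu.org", "info@southbridgecu.com"}
TRUSTED_DOMAINS = sorted({a.split("@")[1] for a in TRUSTED_ADDRESSES})
# Assumed digit-for-letter swaps to undo before comparing domains.
DIGIT_SWAPS = str.maketrans("0135", "oles")
MAX_DISTANCE = 2  # assumed threshold for "look-alike"


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def check_sender(from_header):
    """Return warning codes for a From header; [] means a trusted address."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in TRUSTED_ADDRESSES:
        return []
    warnings = ["untrusted-address"]
    domain = addr.rpartition("@")[2]
    normalized = domain.translate(DIGIT_SWAPS)
    squashed_name = re.sub(r"[^a-z0-9]", "", name.lower())
    for trusted in TRUSTED_DOMAINS:
        # Typos and digit swaps: close to a trusted domain but not equal to it.
        if domain != trusted and edit_distance(normalized, trusted) <= MAX_DISTANCE:
            warnings.append("lookalike:" + trusted)
        # Display name borrows the trusted name while the address is elsewhere.
        if domain != trusted and trusted.split(".")[0] in squashed_name:
            warnings.append("name-claims:" + trusted)
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ("SCU <info@sbgecu.org>",
                   "Member Services <info@s0uthbridgecu.com>",
                   "Southbridge CU Support <help@southbridgecu-alerts.example>"):
        print(header, "->", check_sender(header) or "trusted")
```

Because sender addresses can be altered, a message forged with one of the exact trusted addresses passes this check, so it supplements the other steps on this page and does not replace them.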