ALERT! – Email Spoofing

In recent weeks we have seen more email spoofing attacks that may be targeted to members of Metro Seniors. We see these every few months or so. It happens all the time.

What is a Spoof?

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender name and perhaps address, which most users take at face value. Unless they inspect the header more closely, users see the forged sender in a message. If it’s a name they recognize, they’re more likely to trust it.

Replying to the email confirms that your email is a live contact, you are a bigger target. Clicking on a link can load malware attachments, your computer is compromised. Sending sensitive data opens you to further attack. Sending money or buying gift cards and sending pictures simply drains you bank account.

NOTE: The malicious sender probably did not “hack” the trusted person. They simply found a name associated with your email address from anywhere on the web. Your email and contacts are probably widely available from many sources. Anyone can get a free email address and put anyone’s name to it.

WHAT TO DO?

If you get an “unusual” email from a trusted contact. It may have no subject or something like “Request:, “Urgent”, “I need a favor”.

FIRST – look at the email sender name and then carefully examine the email address and subject. If something looks wrong it probably is.

SECOND – Tag the message and sender as SPAM, and delete the message. DO NOT OPEN, the email, DO NOT REPLY OR CLICK ON LINKS IN THE BODY. Each of these may expose you to even more malicious activity. By adding these to SPAM lists your internet provider can weed out many of these for you and everyone else.

DO NOT SEND MONEY. DO NOT BUY OR SEND GIFT CARDS. NONE OF US IN METRO SENIORS WILL ASK FOR EMERGENCY FUNDS LIKE THIS. WE ALL HAVE RESOURCES TO COVER OUR PERSONAL NEEDS.

If you are concerned about the supposed “sender”, try contacting the “sender” via your normal channels – email address in your contact list, cell number, whatever. They will confirm it was not them.

Unfortunately there is little else you can do. You must be wary.

Leave a Comment