
Email Phishing and Spoofing – All you need to know

Email Phishing or Spoofing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information.

Anyone with an email account is vulnerable to these tactics of email phishing and spoofing. This article provides the basics of these online fraud tactics, how to spot them, and ultimately how to avoid becoming a victim.

Phishing emails
The percentage of inbound emails associated with phishing increased, on average, in the past year, according to Microsoft security research (source: Microsoft Security Intelligence Report).

Email phishing is the act of impersonating a business or other entity for the purpose of tricking the recipient of email into giving up sensitive personal information. Data extracted from phishing often is used to commit identity theft or to gain access to online accounts.

Spoofing is similar to email phishing in that it uses deception to trick users into providing sensitive information. Email spoofing involves the use of a header that appears to have originated from someone other than the true source. Similarly, IP spoofing involves the use of a forged IP address to trick the victim’s computer into believing the traffic came from a trusted source.

Phishing Basics

The term ‘phishing’ is a spin on the word fishing because criminals are dangling a fake ‘lure’ (the email and the website that looks legitimate) hoping users will provide the information the hackers have requested such as credit card numbers, account numbers, passwords, usernames, and more.

Most email users have received a message asking for verification of personal information at least once. Often, this sort of communication can look something like this:

[Image: Email Phishing]

Almost always, such a request for sensitive data actually is a phishing attempt. Perpetrators of phishing attacks usually seek data such as credit card numbers, Social Security numbers, bank account numbers, birth dates, or various passwords.

But legitimate businesses, especially financial institutions, do not ask for this type of information via email.

Some phishing attacks use sophisticated software to send legitimate-looking pop-up messages requesting such information. Pop-up and email messages asking the recipient to “click here” will take users to a legitimate-looking Website to fraudulently collect an unsuspecting victim’s data.

Following are the 3 common types of phishing

Spear phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.


Whaling

The term whaling refers to spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email may be an executive issue such as a subpoena or customer complaint.

Clone phishing

Clone phishing is a type of phishing attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email.

The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.

It may claim to be a resend of the original or an updated version of the original. Typically this requires either the sender or recipient to have been previously hacked for the malicious third party to obtain the legitimate email.

Spoofing Basics

As its name implies, spoofing is the act of using a faked (or “spoofed”) email header or IP address to fool the recipient into thinking it is legitimate. Unsolicited spam email unrelated to phishing often uses spoofing tactics to hide its tracks, but email spoofing often is used in conjunction with phishing.

If you have received an email that appears to be from a friend but is soliciting goods or encouraging you to follow a link, you probably have been the target of spoofing. In such cases, the perpetrator has gained access to someone’s address book by nefarious means.

[Image: Email Spoofing]

IP spoofing frequently is used to launch denial-of-service attacks, in which a target computer is hit with an overwhelming amount of data and subsequently crashes. By spoofing the IP, the attacker can appear harmless and thus gain easy access.

How to Protect from Email Phishing and Spoofing?

  • Do not respond to any email message asking for personal or financial information, and do not click on any links provided in such a message (the importance of this cannot be overstated).
  • Get in the habit of never sending sensitive data (Social Security number, credit card numbers, etc.) via email.
  • Keep in mind that phone numbers provided by phishers often use Internet technology to hide the true source of the phone call, and area codes can be misleading.
  • Be careful when opening attachments or downloading files attached to emails, even if they appear to be from a friend (since spoofing can hide the true source).
  • If the Web address of a known site looks unfamiliar, it may not be the legitimate site.
  • If you are conducting bank business or other sensitive transactions online, look for the lock icon and “https” in front of the Web address indicating a secure site.
  • Be suspicious of unusually long and random-looking Web addresses.
  • Check for spelling mistakes. Legitimate senders usually are very careful to avoid grammatical errors or spelling mistakes. Read all emails very carefully before you take any action.
  • Always check the sender’s name. No legitimate company asks for your sensitive credentials over email because they already have that information stored in their database. Therefore, beware of such bluffs.
  • Never click on unknown or suspicious links. Including malicious attachments in emails is a common cyber attack tactic used by hackers. Malware can harm your device, steal your sensitive credentials or spy on you without your knowledge.
  • Beware of threatening messages. Messages such as “Your card has been blocked” or “Urgent action required” should be given careful consideration. One of the safest things to do is to contact your bank and ask whether any information is required or not.
  • Make sure your anti-virus and anti-spyware software, and your firewall, are updated regularly.

Importance of staying safe online – 8 Must Know Tips

Email phishing and spoofing threats continue to morph and change, often quicker than businesses can keep up with them.

Users make computer security mistakes all the time and hackers are more than happy to take advantage of them! But knowledge is power: know their favorites and don’t give them the satisfaction, or access to your personal information, files, or data.