E-Mail Spoofing

What Is E-mail Spoofing?

E-mail spoofing refers to a system employed by cybercriminals to convince the unsuspecting victims that the sender of the mail is a trusted source and tries to make them click on a link from the suspicious source, transfer money, download malware, and so on. To make the ploy appear credible, the attackers can copy the design and style of a particular sender’s mails and try to make the request seem urgent and make the victims fall into the trap.

Deeper Definition

E-mail spoofing works by cybercriminals masquerading and pretending to be trusted or verified associates of their potential victims and taking advantage of that to obtain sensitive information from them. The unaware party mistakes the criminals for their colleagues and associates and lets them down guard only to be tricked and taken advantage of. Electronic mail spoofing goes as far back as the 1970s when spammers usually used it to circumvent e-mail filters. By the 1990s, it had become a lot more popular, and at the beginning of the millennium, it became a global cyber security issue. By the security protocols introduced in 2014 to help combat the menace of phishing and spoofing of electronic mails, most spoofed mails are now usually sent to spam boxes and hardly ever to the recipients’ primary inbox.

Today, about 3.1 billion domain spoofing electronic mails are sent out daily, with an estimated impact affecting many people, with losses running up to $26 billion since 2016. On average, each scam defrauded users by about $75,000. The commonly used mode of operation by the criminals is by fronting as top-level executives in the criminal arrangement known as ‘Business E-mail Compromise’ (BEC), wherein the sender pretends to be the owner or management staff and requests that employees in the financial accounting or record department send funds or sensitive information and seeing that the instruction is coming from their ‘boss’ they are liable to be deceived before detecting that they were dealing with con men.

E-mail Spoofing Example

There are records of the state’s treasuries’ funds being diverted unknowingly by staff members to individuals who pretended to be Mayors and city managers.