Is That Email Really From Someone I Know?
[October 2024] It used to be that email was an easy way to communicate across town or across the world. But, like many things, email users need to be much more careful these days because there are a lot of bad actors out there – and now with AI, it is even more dangerous.
When I received an urgent request email from a high-ranking fellow SBE officer the other day, my first reaction was to reply in a timely manner.
As I prepared the reply, my first quick check passed: I know that high-ranking officer. Additionally, the email also mentioned the name of another chapter (financial) officer, who happened to be away. Second quick check passed: I know that officer and he knows the first officer.
With two familiar names, that email must be legitimate, right? Better answer that and get on it!
WHY YOU MUST PAUSE AND VERIFY
However, it turns out that upon closer examination, and after a phone call to double-check that request, we confirmed that the email was a spoofed email not sent by that high-ranking officer at all!
How could that happen?
For one thing, hackers trawl Web pages looking for active email addresses. They even research – now made easier with AI – a person’s associated “business” and their co-workers to craft an email that appears legitimate and comes from the name of a business or a person you might know. Sometimes these fake messages include scraped graphics (e.g., a logo) to make them look even more authentic.
They may also include enticing links (such as a link to photos from a recent meeting or party). But the link is actually malicious, and it could lead to software being quietly downloaded and installed on your PC to gather and send back confidential information such as your saved account passwords.
HOW TO PROTECT YOURSELF
While it is not easy to prevent hackers from sending you spoofed emails, here are some things we can do to protect ourselves.
- Always check the sender’s FROM email address. This is usually in the message details or the address that appears after the person’s name. Although you may recognize the name, and it may look the same as on other emails, the address itself may not be the one that person usually sends from.
If the email is from a business, does the email address include the same company’s name or domain? If not, that is a big red flag!
- Look at and compare the “From” and “Reply-To” headers. If they do not match or seem suspicious, it may be a spoofed email. If your mail reader permits, check the chain of received headers that shows each server the message passed through on its way from the sender to your inbox.
Based upon an examination of the message header’s source IP address, the email I received actually appeared to be from another country.
- Look for a generic greeting such as “Dear member” or “Hello.” (A possible problem, but this is not definitive, as many folks use “Hello” to friends.)
- Look for non-specific information in the email. The email I received asked for help to pay a vendor at “the association.”
- Watch for poor grammar and spelling. Often these spoofed emails are from other countries.
- Beware of urgent requests. For example, the email I received wanted something to be done quickly because an officer allegedly happened to be away.
- Beware of clicking on any links in suspicious emails. These links may not lead to the address or place shown in the link text. An unusual ending on a long link address may be the country-code domain for somewhere far away.
- If you have email forwarded from one address to another personal email address, be careful about replying to forwarded messages. Your reply could very well expose your personal email address to a bad guy.
- If your email address is connected to any online account, it is best to use multifactor authentication (MFA), because credentials stolen from a breached database somewhere else can be recovered and reused against your accounts.
PROTECT THOSE TO WHOM YOU SEND EMAIL
To protect others, there are under-the-hood technical configurations (e.g., SPF, DKIM, and DMARC) set on servers and domains that help prevent spoofing of emails sent on behalf of your domain.
While these configurations are important factors, the message I received (from a business domain, probably a compromised account) did have these set, so it got through.
On the other hand, sometimes valid email, especially on custom domains, may not have the configuration set properly, so an SPF or DKIM failure, for example, may suggest the email is bad when it is not. This is one more reason to examine incoming email before acting on it.
Again, to stress the point: my experience involved other SBE members, or at least the names of people I knew. I hope this discussion helps keep you and your email safe and secure.
– – –
James Hermanson, CPBE, CBNT, is an IT Professional III at the University of Wisconsin Madison Wisconsin State Laboratory of Hygiene. He is also currently Vice-chair and certification chair for SBE Chapter 24. You can contact Jim at jhermanson@sbe.org
– – –