Ever receive an email that looks like it’s legitimate, but you can’t quite put your finger on the problem? It is possible the email could be spoofed.
In an earlier article entitled “Have You Been Spoofed?”, fellow tech Mike Buonaspina explained how hackers can use social media to identify one’s inner circle of friends and pretend to be them when sending an email. In this article, we elaborate on another way to identify email spoofing so that you don’t fall prey to email hackers who are using disguises to trick you.
SPF, or Sender Policy Framework, is another defense against people sending out emails while claiming to be someone else. Whenever you send an email, there is a hidden “To:” field and a shown “To:” field. The same is true of the “From:” field. One is visible to everyone and the other is hidden, but both can be spoofed. When you send out an email, the DNS (domain name server) checks to see if it is coming from you or another person. If the check fails, that means the email could be coming from another mail server.
The above image was taken from a sample email where a hacker was disguising himself as a legitimate company. The visible “From:” field looked like the company, but the SPF failed and the hidden “From:” field was redirecting to another domain. If one were to click “reply,” one would be taken to a fake website.
Keep in mind, SPF is not failsafe and can have false positives, and these will not always be blocked by the mail server. Always check your messages, and if something seems off, double check where an email is really being sent. There is also a tool that can analyze the email if you are tech savvy, shown here: https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx.
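The check described above can also be done by hand on a message's raw headers. The following is an added example, not part of the original article: it compares the visible “From:” domain with the hidden sender (`Return-Path`) and `Reply-To` domains and reads the SPF verdict recorded by the receiving server. The sample headers, domains and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample headers; example.com / example.net / example.org are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: fail (mx.example.org: domain of bounce@mailer.example.net does not designate 203.0.113.7 as permitted sender)
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: "Example Company Billing" <billing@example.com>
Reply-To: accounts@example.net
To: user@example.org
Subject: Invoice overdue

Please review the attached invoice.
"""

def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spf_result(msg):
    """Read the SPF verdict from Received-SPF, else from Authentication-Results."""
    # Only trust these headers when your own receiving server added them.
    received_spf = msg.get("Received-SPF")
    if received_spf:
        return received_spf.split()[0].lower()
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""), re.I)
    return m.group(1).lower() if m else "none"

def check_headers(raw):
    """Collect the spoofing signals the article describes for one raw message."""
    msg = message_from_string(raw)
    visible = domain_of(msg.get("From"))          # what the reader sees
    envelope = domain_of(msg.get("Return-Path"))  # hidden sender; SPF is checked against it
    reply_to = domain_of(msg.get("Reply-To"))     # where a reply would actually go
    spf = spf_result(msg)
    findings = []
    if spf != "pass":
        findings.append(f"SPF result is '{spf}'")
    # A mismatch is a signal, not proof: legitimate bulk senders often differ here.
    if envelope and envelope != visible:
        findings.append(f"hidden sender {envelope} differs from visible {visible}")
    if reply_to and reply_to != visible:
        findings.append(f"replies go to {reply_to}, not {visible}")
    return {"from": visible, "envelope": envelope, "reply_to": reply_to,
            "spf": spf, "findings": findings}
```

Calling `check_headers(SAMPLE)` returns the three findings for the constructed message; a message whose SPF result is `pass` and whose domains all match returns an empty list.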