Email spoofing is a technique internet criminals use to send forged emails so that the receivers think the emails really come from the owner of the email address. In this scenario, the victim’s email address is put in the sender field. When the receiver gets the email, it appears to come from a reputable source, so they trust it and click the attachments and links, which generally contain viruses or phishing links that trick the receiver into resetting their email password. Because the criminals put someone else’s email address in the sender field, any bounce or reply from the receiver goes only to the actual owner’s mailbox. The criminals therefore generally attach viruses and phishing links to this kind of email, and they do not expect to get the receiver’s reply.
Email spoofing can happen to any individual, business, or organization. One way to stop it is to set up SPF, DKIM, and DMARC failure rejection with your email service provider, so that only authentic emails from the actual sender are received in your mailbox.
The best way to detect email spoofing is to check the header of the email you received: click “view source” and look for the SPF, DKIM, and DMARC results. If you see “failure” on any of them, you have most likely received a spoofed email.
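The header check described above, as an added example that is not part of the original post: it reads the `Authentication-Results` header and reports the SPF, DKIM, and DMARC verdicts. The sample message and the server names are constructed placeholders, and the example assumes you know the name your own receiving server stamps into that header.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; every name and address here is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=fail (sender IP is not authorized) smtp.mailfrom=example.com;
 dkim=none (message not signed);
 dmarc=fail (p=reject) header.from=example.com
Authentication-Results: forged.example.org; spf=pass; dkim=pass; dmarc=pass
From: "Accounts" <sales@example.com>
To: buyer@example.net
Subject: Purchase order

Please find the attachment.
"""

METHODS = ("spf", "dkim", "dmarc")
FAILING = {"fail", "softfail"}
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)


def auth_results(raw, trusted_authserv_id):
    """Read SPF/DKIM/DMARC verdicts from headers stamped by our own mail server."""
    msg = message_from_string(raw, policy=default)
    seen = {}
    for header in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", str(header))  # drop (comments)
        authserv_id, _, body = value.partition(";")
        # Skip headers not added by the trusted server: the sender can
        # pre-insert its own "spf=pass" line to look legitimate.
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for method, result in RESULT_RE.findall(body):
            seen.setdefault(method.lower(), result.lower())  # first verdict wins
    return {m: seen.get(m, "missing") for m in METHODS}


def looks_spoofed(raw, trusted_authserv_id):
    """True when any trusted verdict is a failure, as described in the text."""
    verdicts = auth_results(raw, trusted_authserv_id)
    return any(v in FAILING for v in verdicts.values())


if __name__ == "__main__":
    print(auth_results(SAMPLE, "mx.example.net"), looks_spoofed(SAMPLE, "mx.example.net"))
```

A result of `missing` for all three methods means your server stamped no verdict on the message, which is itself worth checking with your email service provider.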
You should also look at the email content. Spoofing emails generally contain nothing related to your business, only something like “purchase order”, “payment”, etc. that has not been discussed with you before. Here below is an example:
In the above example, the criminals used our email address but a person and business name that have nothing to do with us. If you pay attention to the email content, “please find the attachment”, you will understand that the criminal wants you to open the attachment. Of course, he had attached one (the same email had been sent to many others, as we found from the bounce). Because the receivers replied to the email, we know that somebody had pretended to be us to send the scam. Here below is the receiver’s reply:
As the criminals had sent the same email to many others, we found a bounce of the same email sent to simply as below, which shows who had sent the emails:
As the receiver had set up DMARC failure protection to prevent spoofing emails, the bounce was returned directly to our email, and it shows the criminals’ sending IP, 220.127.116.11. From whoismyisp.org, you can find that the IP belongs to Zemlyaniy Dmitro Leonidovich, so the criminal is using Zemlyaniy Dmitro Leonidovich’s services to send spoofing emails.
Every business has a social responsibility. Email spoofing does great harm to our business environment, and every business and individual should work together to fight it. A small step today, a big improvement tomorrow: please report any spoofing emails you receive that pretend to be sent from us to firstname.lastname@example.org