E-mail spoofing is the act of altering certain e-mail header fields to make them appear as if they originated from a different sender. Although this act is sometimes done for legitimate reasons, it is more frequently done for fraudulent purposes. Considered a form of spam, e-mail spoofs are typically sent out in order to obtain sensitive or personal information from the person receiving the e-mails.
Simple Mail Transfer Protocol (SMTP) is a common protocol for sending electronic mail across different Internet Protocol networks. Although SMTP is standard, it is not very secure, as it does not provide e-mail authentication. Thus, e-mail spoofing is thought to be a simple process. It is most often done by changing the name or e-mail address that appears in the header section of the e-mail to make it look as though it came from an authoritative source. More complex forms generally consist of the spammer manipulating certain information and sending e-mails through open relay SMTP servers.
A spammer may use e-mail spoofing for several reasons. In many cases, fraudulent e-mails are sent to obtain personal information, such as passwords or credit card numbers. They may also contain malicious material, such as viruses. Phishing e-mails, or those sent to obtain personal information, may claim that the user must change his or her password on a certain Web site or may state that the user’s bank urgently requires an update on personal information, such as credit card or checking account routing numbers. Malicious e-mail spoofs can contain viruses that are either destructive to the user’s computer or help the spammer acquire information about the user’s e-mail habits, sensitive documents, or e-mail contacts.
Although it can be difficult to detect e-mail spoofing in some cases, certain clues often can indicate that the e-mail received has been forged. For instance, it is important to keep an eye on writing style, as most companies and Web sites have a standard way in which they relate to their users. Hovering the cursor over any links in the text is another way to see if the e-mail is legitimate. Spoof e-mails will often contain a string of numbers and letters that do not display any information pertaining to the Web site that the e-mail is claiming to be from. Researching certain header fields, such as the Return-Path or From fields, may also be necessary.
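The header check described above can be automated. The following Python sketch is an added example, not part of the original article; the sample messages, domains, and the function names `domain_of` and `header_mismatches` are constructed for illustration. It compares the domain in the From field with the domains in Return-Path and Reply-To and reports any disagreement.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). In the first, From names a
# bank while Return-Path and Reply-To belong to an unrelated domain.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@examplebank.example>
Reply-To: accounts@mailer.example.net
To: user@example.org
Subject: Urgent: update your account information

Please confirm your password.
"""

SAMPLE_CONSISTENT = """\
Return-Path: <news@examplebank.example>
From: "Example Bank" <news@examplebank.example>
To: user@example.org
Subject: Monthly statement

Your statement is ready.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_mismatches(raw_message):
    """List header inconsistencies that often accompany a forged From."""
    msg = message_from_string(raw_message)
    from_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    for field in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(field))
        if other and from_dom and other != from_dom:
            findings.append(f"{field} domain {other} differs from From domain {from_dom}")
    # A display name that itself looks like an address can mask the real one.
    name_dom = domain_of(from_name)
    if name_dom and name_dom != from_dom:
        findings.append(f"From display name shows {name_dom} but address is {from_dom}")
    if not from_dom:
        findings.append("From header has no parsable address")
    return findings

if __name__ == "__main__":
    print(header_mismatches(SAMPLE_SPOOFED))
```

A mismatch is a clue rather than proof of forgery, since legitimate bulk-mail services also send with a Return-Path on their own domain.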