Phishing Attacks Impersonating 'Note to Self' Emails


Phishing emails have been around for years, and most of us think we have the knack for spotting spam and phishing. Over the past few years, however, cybercriminals have upped their game and begun sending 'note to self' emails: messages that appear to come from your own email address.

Note to Self emails can be difficult to detect as spam, especially because the usual steps for spotting a phishing email, such as checking the sender's email address, looking for spelling mistakes or watching for obviously malicious content, don't help when the sender appears to be you.

With these phishing emails, clicking on or hovering over the sender's name only reveals the spoofed email address, which is your own.

If you check your own sent items, you won't find the original email, because you haven't been hacked: the email was sent from a different IP address, but its headers have been forged so that it appears to come from your own mail server.

Spoofed Email Addresses

Spammers have been spoofing emails for years. They used to harvest contact information from malware-infected PCs, whereas nowadays cybercriminals choose their targets carefully and send phishing emails that appear to come from friends, family, trusted sources or even your own account.

Unfortunately, spoofing an email address is a simple task, and anyone can fall victim to it.

The process involves forging the email headers so that the message appears to come from one person or organisation when in fact it comes from somewhere else. In general terms, it requires nothing more than an SMTP server and email software.

Note to self email scam example

If you've ever sent yourself an email, it will show either as 'Note to Self' or with your username and display picture. These spoofed emails look the same, which makes them incredibly difficult for users to identify as phishing, as seen below:


As you can see from the example above, we have added comments highlighting the areas that clearly show this to be a phishing email, even though the sender address is the user's own:

  1. Subject - The subject references Netflix, but the content is about TV Licensing

  2. Sense of urgency - The licence expires on the same day the email was sent

  3. Not addressed to you - Generic 'Dear customer' opening

  4. No personal details - TV Licensing emails usually contain your postcode

  5. No 'FW' - If you had forwarded this email to yourself, it would show within the email as well as in the subject line

If you were to click through to the malicious landing page, your banking details and personal data would be stolen.

How can you check if an email is spoofed?

If you can't tell from the message itself that an email is fake, open the message source (the full headers): the 'Received' headers record the IP address and server the email actually came from, and the return address can be compared with the address shown in the From field.
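The header checks described above, automated as an added example (not code from the original post): the script compares the From address with the Return-Path, the topmost Received hop and the SPF/DKIM/DMARC verdicts. The sample message, the domains in it and the assumption that your own mail server writes the topmost Received header are all constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
# Constructed sample (not a real message): the From header shows the recipient's
# own address, but the Received hop, Return-Path and authentication results all
# point at an unrelated sending server.
SPOOFED_RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
 by mx.example.com with ESMTP id 1a2b3c; Mon, 1 Jan 2024 09:00:00 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net;
 dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@example.net>
From: alice@example.com
Subject: Your Netflix account

Dear customer, your TV Licence expires today.
"""
def _domain(address):
    return parseaddr(address)[1].rpartition("@")[2].lower()
def _flat(value):  # unfold header whitespace into single spaces
    return " ".join(str(value or "").split())
def spoof_indicators(raw_message, own_address):
    """(code, detail) pairs showing why a 'from yourself' message looks spoofed."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    from_addr = parseaddr(_flat(msg["From"]))[1].lower()
    from_dom = _domain(from_addr)
    # 1. Claims to be from your own mailbox but carries no FW/RE marker.
    if from_addr == own_address.lower() and not re.match(
            r"(fwd?|re)\s*:", _flat(msg["Subject"]), re.I):
        found.append(("self-sent-not-forward", from_addr))
    # 2. Envelope sender (Return-Path) belongs to a different domain.
    rp_dom = _domain(_flat(msg["Return-Path"]))
    if rp_dom and rp_dom != from_dom:
        found.append(("return-path-mismatch", rp_dom))
    # 3. Topmost Received header (assumed written by your own mail server) names a host outside the From domain.
    received = msg.get_all("Received") or []
    hop = re.search(r"from\s+([\w.-]+)", _flat(received[0])) if received else None
    host = hop.group(1).lower() if hop else ""
    if host and host != from_dom and not host.endswith("." + from_dom):
        found.append(("foreign-origin-host", host))
    # 4. Any SPF, DKIM or DMARC verdict other than "pass".
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                                     _flat(msg["Authentication-Results"])):
        if result.lower() != "pass":
            found.append((f"auth:{method}={result}", method))
    return found
```

A genuine forwarded note to self (own server in Received, matching Return-Path, passing SPF/DKIM/DMARC and an 'FW:' subject) produces an empty list.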

However, if you think your email address or one of your colleagues' email addresses has been spoofed, please get in touch with your IT team so they can investigate further and make sure it isn't something more sinister.

Not all spoofed emails are as easy to detect as the example shown above. If you receive an unexpected email from yourself or a colleague that you're unsure of, always report it to your IT help desk, or call the person who apparently emailed you to verify that they sent it. If in doubt, do not click on any links and do not enter any personal information.

If you would like more information on phishing emails and how to keep your organisation protected, please get in touch and we will be happy to help.