Connect with us

Hi, what are you looking for?


The 411 on Forged Emails

E-Mail concept

The last thing you want to see in your inbox is an obviously forged email posing as your favorite online store, or worse, your bank. But the irritation you may feel encountering such an email can easily turn to fear once you’ve clicked a link from that untrustworthy sender because you couldn’t even tell that someone forged the message. At best, it’s nothing a little cookie cleanup won’t take care of; at worst, you’re dealing with a virus or compromised passwords.

So how do you avoid forged emails? The trick is to know what you’re looking for and how to deal with it. This article addresses some background about forged emails as well as instructions on how to keep from falling victim to them.

What Exactly Is a Forged Email?

A forged email, otherwise called “email spoofing,” is a seemingly legitimate email sent from an untrustworthy source. In some cases, though, the sender is a legitimate person (a friend or colleague, for instance) with a compromised computer. Forgers aim to either acquire sensitive information, a process known as “phishing,” or to send viruses and other malware. So links are quite common in forged emails.

Does Anyone Fall for Them?

In a forger’s world, it’s usually quantity over quality. This means they’re not particularly interested in sending out the most eloquent or grammatically correct emails. Instead, they’re looking to hit as many recipients as quickly as possible.

To paint a clear picture of just how effective these forged emails are, here are some facts for your consideration. Phishers or forgers send 150 million phishing emails daily; 16 million make it past filters, and subsequently, victims open eight million. People click up to 800,000 phishing links daily. These numbers are staggering, to say the least.

In some cases, known as “spear phishing,” forgers go for quality and carefully craft messages to trick specific individuals. These are the hardest forgeries to detect and can have the most serious impact on an organization.

How Can You Recognize Suspicious Emails?

As with all scams, forged emails are usually entirely harmless to those who recognize their danger. But how do you know exactly what to look for? Here are a few things to be aware of.

As indicated earlier, suspicious emails are rarely error-free. This is because they’re often rushed, urgent in tone, vague, and rather juvenile in writing. “Click here NOW,” is a direction you should stay away from. And be wary of emails that address you as Customer; that’s a clear indication the sender doesn’t know you. If the email is from a familiar source, make sure the address matches the one you know.

A costly, yet all-too-common mistake people make is to submit sensitive information online. Emails are rarely, if ever, used to communicate private and sensitive information. For example, the bank will never prompt you to complete sensitive transactions through email. As a general rule of thumb, entirely disregard an email that’s requesting your bank account details, credit card information, your Social Security number, your passport number, or any other identifying information.

Protect Yourself

Sender Policy Framework (SPF), Domain Keys Identified Email (DKIM), and Domain-based Authentication, Reporting, and Conformance (DMARC) are all high-quality sender validation tools. Most companies use them to validate their sending and the sender’s servers, differentiating themselves from forgers. For example, companies use SPF to publish the servers authorized to send their emails.

In order to fully protect yourself, you may need to do some additional work. First, subscribe to a top-grade filtering system that uses DKIM or SPF and enable those filters. They’ll catch many fraudulent activities before you encounter them in your inbox. Second, do not click on links from unknown sources (or on any link that you’re not expecting). This is a sure way to fall victim to forged emails. And remember, always take your time to properly scan and assess an email before you respond to it.

Written By

LuxSci founder Erik Kangas has an impressive mix of academic research and software architecture expertise, including: undergraduate degree from Case Western Reserve University in physics and mathematics, PhD from MIT in computational biophysics, senior software engineer at Akamai Technologies, and visiting professor in physics at MIT. Chief architect and developer at LuxSci since 1999, Erik focuses on elegant, efficient, and robust solutions for scalable email and web hosting services, with a primary focus on Internet security. Lecturing nationally and internationally, Erik also serves as technical advisor to Mediprocity, which specializes in mobile-centric, secure HIPAA-compliant messaging. When he takes a break from LuxSci, Erik can be found gleefully pursuing endurance sports, having completed a full Ironman triathlon and numerous marathons and half Ironman triathlons.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like


In today’s digital era, where the Internet plays a vital role in our lives, it’s important to put security and privacy first. With the...


Tailgating is a smart use of social engineering by intruders to get around traditional security systems. It involves people using rare, natural opportunities to...


It may seem with data security breaches that it’s less a matter of if than when. Account security is vital, yet hackers continue to...


One in four businesses is likely to experience a data breach, with the average cyberattack costing businesses up to $3.62 million in 2017, according to...