The last thing you want to see in your inbox is an obviously forged email posing as your favorite online store, or worse, your bank. But the irritation you may feel encountering such an email can easily turn to fear once you’ve clicked a link from that untrustworthy sender because you couldn’t even tell that someone forged the message. At best, it’s nothing a little cookie cleanup won’t take care of; at worst, you’re dealing with a virus or compromised passwords.
So how do you avoid forged emails? The trick is to know what you’re looking for and how to deal with it. This article addresses some background about forged emails as well as instructions on how to keep from falling victim to them.
What Exactly Is a Forged Email?
A forged email, a practice otherwise called “email spoofing,” is a seemingly legitimate email sent from an untrustworthy source. In some cases, though, the sender is a legitimate person (a friend or colleague, for instance) with a compromised computer. Forgers aim to either acquire sensitive information, a process known as “phishing,” or to send viruses and other malware. That is why links are quite common in forged emails.
Does Anyone Fall for Them?
In a forger’s world, it’s usually quantity over quality. This means they’re not particularly interested in sending out the most eloquent or grammatically correct emails. Instead, they’re looking to hit as many recipients as quickly as possible.
To paint a clear picture of just how effective these forged emails are, here are some facts for your consideration. Phishers or forgers send 150 million phishing emails daily; 16 million make it past filters, and subsequently, victims open eight million. People click up to 800,000 phishing links daily. These numbers are staggering, to say the least.
In some cases, known as “spear phishing,” forgers go for quality and carefully craft messages to trick specific individuals. These are the hardest forgeries to detect and can have the most serious impact on an organization.
How Can You Recognize Suspicious Emails?
As with all scams, forged emails are usually entirely harmless to those who recognize their danger. But how do you know exactly what to look for? Here are a few things to be aware of.
As indicated earlier, suspicious emails are rarely error-free. This is because they’re often rushed, urgent in tone, vague, and rather juvenile in writing. “Click here NOW,” is a direction you should stay away from. And be wary of emails that address you as Customer; that’s a clear indication the sender doesn’t know you. If the email is from a familiar source, make sure the address matches the one you know.
A costly, yet all-too-common mistake people make is to submit sensitive information online. Emails are rarely, if ever, used to communicate private and sensitive information. For example, the bank will never prompt you to complete sensitive transactions through email. As a general rule of thumb, entirely disregard an email that’s requesting your bank account details, credit card information, your Social Security number, your passport number, or any other identifying information.
Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) are all high-quality sender validation tools. Most companies use them to validate their outgoing mail and the servers that send it, differentiating themselves from forgers. For example, companies use SPF to publish the servers authorized to send their emails.
In order to fully protect yourself, you may need to do some additional work. First, subscribe to a top-grade filtering system that uses DKIM or SPF and enable those filters. They’ll catch many fraudulent activities before you encounter them in your inbox. Second, do not click on links from unknown sources (or on any link that you’re not expecting). This is a sure way to fall victim to forged emails. And remember, always take your time to properly scan and assess an email before you respond to it.