It's About Women - What Is Email Spoofing and How Can You Protect Yourself?

Spoofed Emails

Spoofed emails have unfortunately become a real problem for email users, website visitors, and businesses. Email has always been an insecure means of communication, but now it has become downright untrustworthy. Corporate logos, links to websites, and references to government or corporate security agencies can all be "spoofed" in an attempt to get you to give up some piece of personal information that can then be used to victimize you.

It's About Women never sends out email containing attachments. Nor do we ever send HTML email. Therefore, even if an email appears to come from us, any email that includes an attachment or is in HTML format, it is not from us and likely contains a virus. Do not open it or click on any links. If you receive email that looks like it has come from anyone@itsaboutwomen.com (or anyone else that you don't know or haven't requested email from) and you have not requested information or provided us with your email address, you have received a spoofed email. It's About Women will not send you email for any reason without being requested to do so. Click here to read more about email spoofing....

Phishing Scams

The phrase "phishing scam" is used to describe an attempt made by an unscrupulous person(s) to acquire unsuspecting users' bank accounts, credit cards, or social security numbers. Used all over the world, these scams usually spoof well-known companies such as Amazon, CitiBank, PayPal, Wells Fargo, BankOne, etc. Phishing scams can appear authentic and that is why it is important to know what they are and how to avoid them. Read more about phishing scams...

Email and Internet Hoaxes

Hoaxes usually arrive in the form of emails. Look for the phrase "Forward this to everyone you know!" This instantly makes the message suspect. Also look for statements such as "This is NOT a hoax." More than likely, the truth is just the opposite. Be skeptical of chain letters. Disregard the hoax emails—that contain bogus warnings usually intent only on frightening or misleading computer users. The best course of action is to merely delete such emails.

Please refer to the Symantec Security Response site whenever you receive what could be a bogus message that asks you to delete files on your computer or concerns a new virus or a promotion that sounds too good to be true. Symantec also provides virus information. Snopes and Urban Legends are other recommended Internet reference source for hoaxes, urban legends, folklore, myths, rumors, and misinformation. Either site will help you determine if the email you have received is legitimate or a hoax. Always check before forwarding such emails to your friends and relatives.

What is email spoofing?

Email spoofing is practiced to veil the source of virus-laden emails, often to attempt to obtain sensitive information from recipients of such emails (again without revealing the source of the spammer), or even just to cause embarrassment for the owner of the spoofed address.

Email address spoofing works by substituting the details in the 'From' field of an email with an address either guessed or harvested from one of many available repositories of valid email addresses (including the address book of virus-infected computers). Usually, the address the email is being sent to is also gathered from such a source. Making such a substitution and sending the email is a relatively simple procedure because the process encounters few points at which the validity of the addresses can be checked along the route an email takes, and the options for screening at these points are limited.

What can be done about it?

To prevent spoofing, it would be necessary to have the capability of checking the validity of email addresses at key stages along the path an email takes to its recipient. However, because email can be sent directly from a source computer to a recipient's mail gateway, and because there are numerous 'open' email relays on the Internet, it is currently impossible to prevent email addresses from being spoofed.

You may see an email with a virus alert come from someone you know. Most likely, the message was not actually sent from the person it claimed to be from. For instance, Klez is a particularly widespread worm at the moment, and when it infects a machine it immediately sends an email to everyone it finds in the address book. Unfortunately, it also sets the "From: field" of the email to read that it is from someone in that same address book. In some cases, it is even emailed to the person that it claims to be from.

The removal address is used in a manner common to spammers for allegedly allowing recipients to remove themselves from a list. Clicking a removal link and entering your email address in the form for removal can tell the spammer that you have a viable email address and by so doing, you likely will get more spam from him and whoever else he sells or trades good valid email address lists with.

It's not always a virus that causes you to receive an email from someone who didn't actually send it, however. There are plenty of people with far too much time on their hands sending emails out to people and spoofing the return address just to be obnoxious.

What can you do about it?

It is impossible for any organisation to prevent its email addresses being spoofed, but there are steps that email users can take to minimize the impact of spoofed email and spam.

Always treat email from people or organizations you do not know as suspicious, especially if the advertised benefit of reading the email or the opening of an attachment is worded to make you click first and think later.
Consider whether the tone of the message or the language used is consistent with what you would expect of the organization or the sender.
Keep your computer protected with reputable anti-virus software, and ensure that you keep it up to date with the latest virus profiles.
Never give personal details or passwords out over the internet unless you have initiated the transaction and you are confident of the identity of the receiving party (for example by ensuring the transaction is encrypted).
Limit the number of sites on the Internet at which you register your email address and always make sure that any registrations you do make are with reputable organizations. This reduces the likelihood of your email address being harvested and subsequently spoofed or appearing as the recipient in a spoofed email.
Pay attention to your general anti-virus security. Here the advice is be sensible. Make sure you are running an up-to-date antivirus program, and don't open attachments unless you were expecting them.

There are many good sources of information about email spoofing. Below is a list of reference sites, and you can also find information about viruses on most anti-virus software suppliers’ websites.