Email Spoofing

A technique that spammers and identity thieves use to confuse and fool people is email spoofing. The idea is that if an email appears to originate from a known sender, the target of the phishing email will be more likely to fall for the scam. Spoofing an email address is a relatively easy thing to do, but it does not pose a major problem for people whose addresses are spoofed.

In order to spoof an email, hackers will use techniques that change the "from" field in an email from the actual spam email address to a legitimate email address. Email spoofers will try to harvest real email addresses online, so it is important not to publicly display your email address. Sometimes though, hackers will simply try combinations of letters and numbers until they find a genuine email address to spoof. In those cases, there is nothing you can do to stop your email from being spoofed.

Fortunately, email spoofing is a relatively minimal threat to you and protecting your identity. If you receive a bounced back email that you do not remember sending in the first place, it is okay to simply delete the email. Chances are very high that the spoofing attempt failed and the message never made it out to anyone in the first place. It is also important to understand that just because your email address has been spoofed, it does NOT mean that your email account has been hacked. Someone may be able to spoof your email address, but it does not mean that they were able to read the messages you have stored in your email account.

Because email is so easy to spoof, it is a good idea to never put your full trust in the "from" field in an email. Always be careful not to click on suspicious links, and never email anyone sensitive data such as your passwords, your financial information or your social security number.

If you do have further questions about suspicious email that was sent out in your name, please contact the CITES Help Desk.