This article will tell you more about email spoofing and what to do if you receive a phishing message.
What is spoofing?
Spoofing is a fraudulent practice where an email is sent from an unknown source that's disguised as a known source. It's a tactic used in phishing and scam emails to trick you.
A spoofed email address often imitates a friend or business (such as your bank or even us: StartMail!). It commonly occurs in spam messages and is something to be aware of, especially when the content of the message does not appear to be something that the person or business in the ‘From’ field would send.
A spoofed message tries to convince you that the email attachment is safe to open, or that you should follow a link to activate something. It then often asks you to log in or provide bank information on a hacked website, or asks you to reply with personal details.
The spoofer is then able to use this information for criminal activities (such as identity theft, changing your contact details, or accessing your bank account).
How can I check whether a message is spoofed?
- Think critically about the content of the email. If the content seems out of character given the source, or asks for unneeded sensitive information, please contact the legitimate source to verify if the message is legitimate.
- If a message is not specifically addressed to you, be very careful, and do not open any attachments or URLs in the email. One way to determine if a link is trustworthy is by hovering over it with your mouse. When doing so, most browsers will display the full URL behind the hyperlinked text. If the URL does not match the page it is supposed to direct to, it is likely malicious.
In common cases of phishing, you are tricked into giving away your StartMail email login credentials, or into logging in to your account by clicking on a URL in the email.
- When you log into your StartMail account, make sure to check the address bar to confirm that you are on the startmail.com or mail.startmail.com domain!
- If you receive this type of message, you can simply delete the message (or first mark the message as spam and then delete it).
Some examples of this type of phishing are listed below: