Has anyone ever told you that they got a weird email from you; one that you never sent? Often it tells them to click a link or directs them to send money.
This is an internet scam called email spoofing. While the emails appear to be from you, or from somebody you know, this is usually just a cleverly disguised forgery and not an indicator that your email has been hacked. It is similar to someone standing around the corner from you and mimicking your best friend’s voice while asking you to toss $20 around the corner to them. Most of us would want to peek around the corner and verify that our friend was standing there.
That can be a bit more difficult with an email.
So, what can you do?
The first thing to remember is that things that seem fishy usually are. We encourage you to trust your gut. Look at the way a person talks. Is the use of language odd? Most people write in a manner similar to spoken English. While writing may be more formal, it is still largely conversational. When is the last time your dad asked you to “Please kindly” anything? Or has your boss ever “Anticipated your early response?” These aren’t phrases that we commonly use when speaking to one another, even if we can understand the meaning of them. In these cases, what you are most likely viewing are the idiosyncrasies of translating one language into another. If you still aren’t sure if the email is real, we recommend calling the person to verify the email contents.
Don’t respond to the email directly as this can potentially create other problems. Sometimes emails are sent with the hopes of finding a verifiable connection. A little like the old game of Marco Polo. If the scammer says “Marco” and you respond “Polo” then they know someone is there to be a target. If the scammer says Marco, and nobody answers, they will be more likely to move on until they hear a response. While computer scams can be driven by technology such as viruses, trojan horses, worms and spyware, a lot of tricking you into something simply relies on manipulation and social engineering. It is simply best not to respond.
In some instances, you can see what the originating email address actually is. In the “From:” line you would see what appears to be your friend’s email address, followed by a second email in “<…>” markings such as From: Mom@hugs.com <email@example.com>. In this case, you can block “not mom” without actually blocking your real mom.
We hope these tips help protect you from potential scams, but if you suspect that you have been the victim of a scam we recommend that you contact your telecom or IT provider, and file a police report. This will ensure that any malicious code is blocked in the future, and any crimes are reported to the proper authorities.
Compiled and written by Andrew Cook, Operations Manager for Dagger Law. Last updated 14 July 2020.