Email "Spamming", "Spoofing", and "Phishing"
The terms "spamming", "spoofing" and "phishing" have become familiar to users of the Internet in recent days.
Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Lotus Notes and Web Mail systems, have the ability to block incoming mail from a specific address. However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.
Please review our document on ProofPoint on how you can help reduce the amount of spam emails that you receive.
Please click here to review this document: http://www.baruch.cuny.edu/bctc/proofpoint.htm
Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source. Individuals who are sending "junk" email or "SPAM" typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.
Malicious Spoofing
There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.
Sometimes email spoofing is used for what is known as "social engineering", which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be Baruch's email administrator, or from your ISP (Internet Service Provider), asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project or your financial accounts. The From field suggests that the message comes from Baruch College or JP Morgan Chase, but instead it is from a competitor or vendor requesting personal information.
Dealing with a Spoofed Email
There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, then you may want to find out if it is really from the person it says it's from. You can look at the Internet Headers information to see where the email actually originated.
Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.
Displaying Internet Headers Information
An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email's Internet Headers.
Listed below are examples of viewing Internet Headers in Web Mail and Lotus Notes. For other email applications, please scroll below and click on the link that will provide information on other email applications.
Lotus Notes Version 6.x via Client
1. With Lotus Notes version 6.x running, select the email whose Internet Headers you wish to view.
2. Click on View, then Show and then Page Source.

3. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not from who it says it’s from.
Web Mail and Staff Mail via Web Browser (Internet Explorer, FireFox or Netscape)
1. With the Web Mail application open, click on an email message in your in-box. With the message open, locate Options: in the middle of the message. Click on View Full Header.

Internet Headers are best read from the bottom up, as they are added to as the email passes through the system.
2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not from who it says it’s from.
Click here for a full explanation of the mail header.
To learn how to view headers of other email applications, please click here.
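The header check described above can also be done with a short script. The following is an added example, not part of the original page: it lists the Received headers from the bottom up and reports when the Return-Path or Reply-To domain differs from the From domain (comparing against From is an assumption added here). The sample message, hosts and addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all hosts and addresses are made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.college.example (mx.college.example [192.0.2.10])
\tby mailbox.college.example; Tue, 02 Mar 2004 10:15:09 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.college.example; Tue, 02 Mar 2004 10:15:07 -0500
Received: from unknown (HELO pc) (203.0.113.55)
\tby relay.example.net; Tue, 02 Mar 2004 10:15:02 -0500
From: "Email Administrator" <admin@college.example>
Reply-To: collect@freemail.example.org
To: student@college.example
Subject: Please confirm your password

Body text.
"""

def domain(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def received_path(msg):
    """Received headers in travel order: the bottom-most header is the first hop."""
    hops = msg.get_all("Received", [])
    return [" ".join(h.split()) for h in reversed(hops)]

def sender_mismatches(msg):
    """Fields whose domain differs from the From: domain.

    A mismatch is a reason to look closer, not proof: mailing lists and
    bulk senders legitimately use a different Return-Path.
    """
    from_dom = domain(msg["From"])
    found = []
    for field in ("Return-Path", "Reply-To"):
        d = domain(msg[field])
        if d and d != from_dom:
            found.append((field, d))
    return found

def analyse(raw):
    msg = message_from_string(raw)
    return received_path(msg), sender_mismatches(msg)

if __name__ == "__main__":
    hops, mismatches = analyse(RAW)
    for n, hop in enumerate(hops, 1):
        print(f"hop {n}: {hop}")
    for field, d in mismatches:
        print(f"{field} domain {d!r} differs from the From domain")
```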
Virus spoofing
Email-distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting, the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing, a virus.
If you receive an alert that you’re sending infected emails, first run a virus scan using any virus program such as Norton Anti-Virus or McAfee. If you are uninfected, then you may want to reply to the infection alert with this information:
“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”
But keep in mind that a virus alert message is quite often auto-generated and sent via an anti-virus server, so replying to the original email may not elicit a response.
Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.
Email Phishing
Email phishing has characteristics of both spamming and spoofing; however, these types of emails are usually intended to cause malicious harm to an unsuspecting reader.
In a typical phishing scam, phishers send out mass emails, which appear to come from a legitimate online vendor or financial institution. The emails usually contain an urgent message, baiting unsuspecting individuals into submitting sensitive data. Often the messages will direct recipients to a fake Web site where the phisher attempts to collect information.
Phishers have also begun to augment their efforts with more sophisticated devices—including pop-up windows containing misleading messages, URL "masks" that simulate real Web addresses, and keystroke loggers that capture account names and passwords. And as if that isn't enough, businesses with a significant online presence are susceptible to brand hijacking.
For example, a phishing email was sent to customers indicating that the message was sent on behalf of eBay. At first glance, the email appears to come from the eBay billing department and even includes the eBay logo. To an unsuspecting user, this message looks legitimate and appears to contain important information regarding their account with eBay. The email advises the user that their eBay account needs to be updated, including personal information such as name, address, and bank or credit card information. When the user clicks on the link supplied in the email, the web address that the user is taken to is not that of eBay (www.ebay.com), but rather a site the phisher has set up.
Anytime you receive an email from a company asking for information to be updated or supplied, be vigilant and do not provide personal information via email. Contact the company that sent you the email. As in the example above, you could contact eBay and confirm whether the email is legitimate or an example of phishing. Better to err on the side of caution when you receive emails such as these.
Additional Steps you can take to help protect yourself:
- Be extremely wary of emails asking for confidential information—especially of a financial nature. Financial institutions and other responsible companies do not request sensitive information via email. If you receive this kind of request, report it to the company.
- Don't get pressured into providing sensitive information. Phishers like to employ scare tactics. They may threaten to disable an account or delay services until you update certain information, but don't be fooled. Instead, contact the merchant directly to confirm the authenticity of their request.
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized. Meanwhile, emails from your bank or ISP often reference your business or an account you have with them. Again, confirm the authenticity of any suspicious request before responding.
- Never submit confidential information via forms embedded within email messages.
- If you need to submit corporate credit card numbers or other confidential information over the Internet, make sure the site is secure. To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar (it should be "https://" rather than just "http://").
- Regularly check your bank, credit, and debit card statements to ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers.
- If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser; phishers can make links look like they go to one place when they actually send you to a different site.
- Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
- A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
- Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
- For additional advice, check the Web site of the Anti-Phishing Workgroup (http://www.antiphishing.org/).
