Differences

This shows you the differences between two versions of the page.

--- faq:email:what_is_email_spoofing [2020/02/14 19:20] – created vikki
+++ faq:email:what_is_email_spoofing [2025/03/10 11:45] (current) – [Example 2] vikki
@@ Line 1: / Line 1: @@
+[[:start|Home]] > [[:faq|FAQ]] > [[faq:email|Email]] > [[faq:email#general|General]] > **What is Email Spoofing?**
 ====== What is Email Spoofing? ======
 Email spoofing is when someone sends an email pretending to be someone they are not. Such email appears to be originated from a trusted sender - such as customers, vendors, coworkers or managers, or even yourself - but they are actually sent from cyber-criminals, who would trick you into transferring money to them, downloading an attachment with malware that could infect to your entire network, providing them your personal information for fraudulent purposes, and more.
-The following is an example of a spoof mail.
+Here are some of the examples of spoof mail:
+===== Example 1 =====
+In the example below, the sender is pretending to be your regular contact, trying to trick you to make payment to another bank account. If we look closely on the email, we will notice that the sender email address is "pic@xyzhjk.net" instead of Eric from eric@abcorp.com. Although the mail content looks legitimate, with professional-looking email signature, we should always be careful and double check on the sender email address before we make any response to the sender.
+|{{:faq:email:spoof1.png|}}|
+===== Example 2 =====
+In this example, the sender is sending an email using your actual domain or an actual email address from your domain, though it was sent from a different server/IP. Such spoof mails are usually blocked by the server by default. However, if your SPF record includes the third-party server/IP, these emails may still be delivered. We recommend reviewing your SPF record and only allowing legitimate third-party servers to send emails on behalf of your domain.
+|{{:faq:email:spoof2.png|}}|
+===== Identifying Spam =====
-{{:faq:email:sample-spoof.png|}}
+To protect the safety of our email account, we need to stay vigilant and equip ourselves with the knowledge of identifying scam and spam mails. When we receive emails from vendors or suppliers who inform about change of payment details, or emails from regular contacts that contain suspicious attachments, always verify with the senders first before responding or taking any actions.
-From this sample, we can see that the mail was actually sent from a spammer user1@domain.com, not Eric Tan. Although the mail content looks legitimate, we should always be careful and double check on the sender email address before we make any response to the sender. For more information on how to identify a spam mail, please refer to this article: [[faq:email:identify-spam-mail|How to identify whether an email is a spam mail?]]
+For more information on how to identify a spam mail, please refer to this article: [[faq:email:identify-spam-mail|How to identify whether an email is a spam mail?]]

AGNX

User Tools

Site Tools

Differences

Page Tools