First phishing, and now spoofing?

I know of two definitions for the word spoof. One tastes like soap, and the other is really, really funny. But now there’s a third one, and it induces neither cleanliness nor mirth.

I rarely check my spam folder, but lately I’ve noticed it has mails from ‘me’. I didn’t pay much attention, since lots of people sign their mails with ‘Love, me’, including, well, me!

But I got curious today and clicked on one of the me-mails. In the From box, it had my own address! How weird is that?

I immediately went into panic mode thinking my account had been hacked and that I needed to change my password. A depressing thought in itself because I have fifteen fairly complicated ones and it’s all I can do to keep them straight in my head!

But then good old Google came to the rescue. At the top of the mail, there was this red banner that said:

‘This mail probably did not originate from your inbox. For details click here’

I clicked and got this:

If you receive bounce messages for mail that appears to originate from your account, you find messages in Spam from ‘me,’ or you receive a reply to a message you never sent, you may be the victim of a ‘spoofing’ attack. Spoofing means faking the return address on outgoing mail to hide the true origin of the message.

When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; in fact, someone else could send a letter and put your return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged. If there is a problem with delivery and someone forged your address on the message, then the message will be returned to you, even if you weren’t the actual sender.

If you’ve received a reply to a message that wasn’t sent from your address, there are two possibilities:
1. The message was spoofed, forging your address as the sender.
2. The original sender used your address as a reply-to address so that responses would be sent to you.

Neither of these possibilities indicates that your account was compromised, but if you’re concerned that your account may have been compromised, you can check recent access to your account. Just scroll to the very bottom of your inbox and click the Details link next to ‘Last account activity.’

One common tactic used by spammers is to send a message to a recipient, and fake the ‘From:’ field to contain the same address. Spammers hope that because the mail is sent ‘from’ your address, it will slip past our spam filters. But not so fast! Gmail authenticates all of our mail, so we know when a message wasn’t actually sent by you. We do our best to place these forged messages in your Spam folder.

Because Gmail replaces your email address with ‘me’ when you look at lists of messages, you may see spam mail from ‘me’ in your Spam folder. All this indicates is that someone forged the return address on your messages to be your own email address.

For the technobofs among us, this simply means somebody sends you spam then puts your own address in both the ‘from’ and ‘to’ boxes. They can get your address off any form you filled online, or from forward lists, but may not necessarily have access to your account or passwords.

This did rather set my mind at ease; at least I don’t have to re-change my passwords now. Though it helps to check the ‘last account activity’ to be sure. Good ol’ Gmail! Maybe them controlling my world isn’t so bad after all.

I have to admit though, these online words are pretty nifty. I wonder what they’ll come up with next.
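
The checks behind the quoted Gmail help text, as an added example (not code from the original post or from Gmail): it parses two constructed messages and reports what separates a forged ‘from me’ mail from a genuine note-to-self. The addresses, the `mx.example.net` server name and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id of the receiving server

# Constructed samples: spam "from me" relayed by an unrelated host,
# then a genuine note-to-self that passed authentication.
SPOOFED = """\
Return-Path: <bounce@bulk.example.org>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail header.from=example.com
From: Crystal <crystal@example.com>
To: crystal@example.com
Reply-To: offers@bulk.example.org
"""

GENUINE = """\
Return-Path: <crystal@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Crystal <crystal@example.com>
To: crystal@example.com
"""

def _addr(value):
    return parseaddr(value or "")[1].lower()

def auth_results(msg):
    # Any sender can add this header, so only read the ones our own server wrote.
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return results

def assess(raw):
    msg = message_from_string(raw)
    sender, rcpt = _addr(msg["From"]), _addr(msg["To"])
    envelope, reply_to = _addr(msg["Return-Path"]), _addr(msg["Reply-To"])
    findings = []
    if sender == rcpt:
        findings.append("self-addressed")      # the 'me' mail in the Spam folder
    if envelope and envelope.split("@")[-1] != sender.split("@")[-1]:
        findings.append("envelope-domain-differs")  # bounces go elsewhere
    if reply_to and reply_to != sender:
        findings.append("reply-to-differs")    # replies go elsewhere
    if auth_results(msg).get("dmarc") != "pass":
        findings.append("dmarc-not-pass")      # From: domain was not authenticated
    return findings
```

A self-addressed message is not suspicious on its own; the genuine sample is flagged only as `self-addressed`, and it is the failed DMARC result stamped by the receiving server that marks the first sample as forged.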


Crystal Ading' is a professional author, editor, rock lover and mother. Her work is available through threeceebee.com.

  • bailey

    Hey! Thanks for this article…
    I am such a tech-lover it’s interesting
    I always wondered what spoofing was though.
    Very informative

  • mengo

    Just found this site. Niiiiiice!!!! I have a worse serpent than spoofing (the first time I heard meaning two of this, I remember thinking… wow, whoever came up with the word is a genius!!!!) in my inbox. It’s from people called The Smoke Shack and the title of the email is… wait for it… Tell us what You smoke. Now, I’m not angry at them sending random mails to people, I’m just amazed at the fact that they have an unmistakable way of finding their target market. And the first time I saw it I was like.. oh my gosh, how did they know? They’re geniuses!!!! But I feel if I say weed, they will be all over my mailbox and I don’t want that.

  • http://lily.co.ke/members/crystal/ Crystal

    I know people who earn a living on direct online marketing, and they make good money finding out exactly what title would get you to open that mail. The good direct sales people really ARE geniuses [genii?]

  • http://lily.co.ke/members/crystal/ Crystal

    You’re welcome :-) I just like the word *cheeky grin*
