Have you ever received an email which says it is from you – but which you know you didn’t send?
They probably look like spam, and will usually include an email address to reply to inside the message. These messages are a type of phishing attack and the attacker is spoofing your email address.
What is phishing?
Phishing (pronounced “fishing”) refers to fraudulent communications designed to deceive consumers into divulging personal, financial, or account information. Spammers ‘spoof’ your email address, so although the emails are really coming from Gmail or another free account, they appear to be coming from your own address.
These fraudulent emails often create a false sense of urgency intended to provoke the recipient to take immediate action; for example, phishing emails frequently instruct recipients to “validate” or “update” account information or face cancellation.
Marketing offers may also be used for attempted phishing.
Phishers use a variety of techniques, which may include false “From” addresses, authentic-looking logos, or Web links and graphics. These techniques mislead consumers into believing that they are dealing with a legitimate request for sensitive information.
Attachments within an email can also facilitate phishing. Do not open attachments in unfamiliar emails, as they may place programs known as “keystroke loggers” on your PC, which capture the keystrokes you make (including when you log on to a site and enter your password). The data obtained can then be used to commit fraud.
Phishing is notoriously tricky to stop, but here are a few tips:
- Receiving one of these messages DOES NOT mean someone has access to your email account, and no one is likely sending email from your account, but it’s a good idea to change your passwords now anyway.
- DON’T try replying to any of the email addresses in the message.
- Typically, these messages ARE NOT sent to a large group, so chances are you are the only one seeing them – these messages aren’t being sent out to your address book.
- The messages normally last for a week or two and then STOP ON THEIR OWN, and there isn’t much your email provider can do to stop them.
If you’re interested in learning more, here’s the Wikipedia entry on email spoofing.
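The spoofing described above (a message that shows your own address in “From” but really comes from another account and asks you to reply elsewhere) leaves traces in the message headers. The following is an added example, not part of the original article: the sample message and all addresses are constructed, and it assumes the receiving mail server recorded the real sender in a Return-Path header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From shows the recipient's own address, but the
# envelope sender, Reply-To and body all point at a free-mail account.
SAMPLE = (
    "Return-Path: <bulk.sender@freemail.example>\n"
    'From: "You" <you@yourdomain.example>\n'
    "To: you@yourdomain.example\n"
    "Reply-To: claims@freemail.example\n"
    "Subject: Update your account now\n"
    "\n"
    "Validate your account today: write to claims@freemail.example\n"
)

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _addr(value):
    """Extract the bare, lower-cased address from a header value."""
    return parseaddr(value or "")[1].lower()


def check_self_spoof(raw, my_address):
    """Return (indicator, address) pairs for a message claiming to be from me."""
    msg = message_from_string(raw)
    me = my_address.lower()
    findings = []
    if _addr(msg["From"]) != me:
        return findings  # message does not claim to come from my address
    # Assumption: Return-Path holds the envelope sender seen by the server.
    envelope = _addr(msg["Return-Path"])
    if envelope and envelope.rpartition("@")[2] != me.rpartition("@")[2]:
        findings.append(("envelope-mismatch", envelope))
    reply_to = _addr(msg["Reply-To"])
    if reply_to and reply_to != me:
        findings.append(("reply-to-redirect", reply_to))
    # A reply address placed inside the message text itself.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            for found in sorted({a.lower() for a in ADDR_RE.findall(text)} - {me}):
                findings.append(("address-in-body", found))
    return findings


if __name__ == "__main__":
    for indicator, address in check_self_spoof(SAMPLE, "you@yourdomain.example"):
        print(indicator, address)
```

Each finding is an indicator to weigh, not proof on its own; a message you really sent yourself produces none of them.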