Deciphering The Legitimacy of an Email: Sender and Receiver

Cybercriminals love email not only because it can be used to easily manipulate potential victims, but because it is also very easy to spoof.  Cybercriminals will set up fake email accounts and corresponding addresses in order to make the message appear to be legitimate.  Spoofed emails are difficult to identify without a careful examination of email message. Specifically the email “header.”

Each email message contains two “headers.”  The first is the visible header, which one can see at the top of any email message. The visible header contains the From,  To,  Date,  CC,  and Subject lines. We see visible headers everyday but never pay much attention to them. Spoofing is so easy that it does’t take a cybercriminal to manipulate  the message header to change the sender’s identify so an email looks like it is coming from someone else.

The second header is called the technical header and which I will discuss in my next post.

One way to begin deciphering the legitimacy an email is by reviewing the visible email header, starting the From: and  To: fields.

From: The Sender 

  • Do you recognize the sender’s email address? Carefully check the address since a bad guy can spoof an address similar to one you may be used to seeing. Check how the name is spelled since the address could contain one dropped or have additional characters.
  • Does the email appear to be sent from someone inside the organization but the subject and content unusual in some way? For example, a manager asking you to buy gift cards when they never asked you to do that before no do you have the authority to do so.
  • Does the sender’s email address look familiar but actually from a different domain then you are used to seeing? For example instead of Your_Boss@Your.Institution the messages comes as Your_Boss@yahoo.com.
  • Do you have no relationship with nor have had any past communications with the sender? These email cold calls may simply be “legitimate  SPAM” but may be nefarious in intent.
  • Is the message from someone you haven’t recently communicated with?
  • Is the message from someone who is a friend of a friend that you may know by name but never communicated with? Cybercriminals will often hack email addresses books and harvest such names.

To: The Recipient

Cybercriminals will send their email messages to a group of people in an attempt to get at least one to take the bait.

  • Is your address a CC on an email sent to one or more recipients you are unfamiliar with? If you don’t recognize the other recipients the criminal may have harvested an email address book from someone on which your name appears. Instead of sending individual emails they do an email blast.
  • Is there any pattern to the other the recipients such as all names starting with the same letter?

If there is any question about an email or a specific request pick up the phone and calling the person you think sent the message to confirm its legitimacy.

Leave a Reply

Your email address will not be published. Required fields are marked *