Trending Topic Tuesday: Slew of Spoofers and Spammers

I have recently had a few clients that have ad their emails spoofed by spammers. While I have seen a little of this in the past over my dozen years in the web business, it seems the latest round has been really insidious. They have seemed to get inroads into some of the major players like Gmail, Microsoft (MSN, Hotmail, Outlook, etc), and GoDaddy…some of the major players.

What is a spoof email?
Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message.

How can you tell if this latest round is happening to you?
If you get some emails being kicked back to you that you did not send (especially going to email addresses ending with @qq.com) then they are trying to spoof your email address.

What can you do?
First run some good malware software to make sure your computer(s) are clean.

Then take the most direct route you can to log into your email server and change the password (ideally a couple times – I was told that sometimes it may still be possible they could use the previous email password and have it work.)

Finally have your hosting company or webmaster set up an ‘SPF’ record to help reduce the chance of spoofing on that domain.

Caution is the key…if you see an email that doesn’t look quite right don’t click on anything. Many scams use logos and links that look very similar to what you know. It pays to be overcautious, if the email is legitimate there is always another way to respond to it…indirectly. Don’t start with that email, start from a phone number or website address you know to be valid and then log into your account. If they are sending you an important message by email they will have a message linked to your actual account as well.