Email spoofing: Your account has been hacked
What is email spoofing?
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
How can I identify a spoofed email?
A spoofed email can be identified in one of the following ways:
If it contains a subject line similar to:
- Security Alert. Your account has been hacked. Password must need to be changed
- Your Account is hacked
- All personal details are hacked
- Your password must be need changed (your password:xyzaye)
- test@yourdomain.com is compromised. Password must be changed
If the email requests one or more of the following:
- Personal details
- Bank account details
- Deposit money into an unknown account/crypto-wallet
- Visit a link to verify credentials
- Visit a link to reset email password
- Job portal link
How do I confirm that the email is indeed a spoofed or spam email from the email headers?
The authenticity of the email can be checked by looking for any of the following parameters within the source of the email.
- Received-SPF: Softfail (domain owner discourages use of this host)
- X-CMAE-Score: 100
- X-Spam-Status: Yes
- X-Spam-Flag: Yes
If you cannot see any of the above tags in your email headers, please enable SPF in Email Authentication and SpamAssassin. You may contact the support desk for assistance with this.
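One way to check a saved message source for the header values listed above, as an added example that is not the provider's own tooling. The sample messages and the function name are constructed for illustration, and the check also treats a hard SPF `fail` result as an indicator, which goes beyond the list above.

```python
from email import message_from_string
from email.policy import default

# Constructed sample (not a real message); header values mirror the list above.
SAMPLE_SPOOFED = (
    "Received-SPF: Softfail (domain owner discourages use of this host)\n"
    "X-CMAE-Score: 100\n"
    "X-Spam-Status: Yes, score=8.1\n"
    "X-Spam-Flag: Yes\n"
    "From: test@yourdomain.com\n"
    "Subject: Your Account is hacked\n"
    "\n"
    "Body text.\n"
)
# Constructed sample carrying none of the tags (SPF/SpamAssassin not enabled).
SAMPLE_UNTAGGED = "From: a@example.com\nSubject: hello\n\nBody.\n"

CHECKED = ("Received-SPF", "X-CMAE-Score", "X-Spam-Status", "X-Spam-Flag")

def spoof_indicators(raw):
    """Return (indicators found, checked headers absent from the message)."""
    msg = message_from_string(raw, policy=default)
    found = []
    # A message can carry several Received-SPF headers; inspect each one.
    for value in msg.get_all("Received-SPF", []):
        parts = str(value).split()
        result = parts[0].lower() if parts else ""
        if result in ("softfail", "fail"):  # "fail" is an addition to the page's list
            found.append("Received-SPF: " + result)
    if any(str(v).strip() == "100" for v in msg.get_all("X-CMAE-Score", [])):
        found.append("X-CMAE-Score: 100")
    # SpamAssassin may append details after "Yes", and case varies between servers.
    for name in ("X-Spam-Status", "X-Spam-Flag"):
        if any(str(v).strip().lower().startswith("yes") for v in msg.get_all(name, [])):
            found.append(name + ": Yes")
    # Absent headers mean the corresponding check never ran on this message.
    missing = [h for h in CHECKED if msg[h] is None]
    return found, missing

if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("untagged", SAMPLE_UNTAGGED)):
        found, missing = spoof_indicators(raw)
        print(label, "indicators:", found, "missing:", missing)
```

These headers are only meaningful when your own receiving mail server added them, since a sender can put arbitrary headers in a message.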
Is my account compromised if I receive such an email?
No, your email account is not compromised in any way. The email received is either spam or a spoofed email.
Why isn’t the server classifying such emails as SPAM?
Our servers have stringent email checks in place which ARE classifying these emails as spam, so they arrive in the email user's Spam/Junk folder.
Can I completely avoid receiving a spoofed email?
No. The spammer may use a different subject and a different body each time, so creating a global filter won't help and may risk blocking legitimate emails.