Don't Fall for Spoofed Emails

Email Spoofing

What is Email Spoofing?

Email spoofing occurs when a message appears to be sent from someone you know but is actually sent from a malicious attacker. Some of the most common spoofing emails come from someone you know asking you to perform some financial transaction for them. These transactions can include:

  • Changing banking information
  • Buying gift cards
  • Mailing checks.

Spoofing is very easy to do and almost impossible to prevent. For example, spoofing is as simple as placing a false return address on an envelope when you mail something via the U.S Postal Service. In this example, the letter would appear to be sent from the spoofed return address printed on the envelope.

When someone spoofs an email address, the email account remains secure in most cases. However, you may begin to see undeliverable messages and unusual emails in your inbox. This is because the hackers are routing messages to your email address.

How to Identify a Spoofed Email

Vigilance in identifying suspicious messages is the most effective protection against these types of attacks. A primary indicator of a spoofed message is when the known sending email address is different than the email address in the "reply to" field. This "reply to" address is most often a non-@duq.edu address created by the attacker. Visit duq.edu/phishing to learn more about identifying characteristics of phishing and spoofing emails.

If you believe you have received a suspicious message or you experience any suspicious activity with your email account, contact the CTS Help Desk at 412.396.4357 or help@duq.edu.