Email Spoofing: What Is It And How To Spot It.

Cyber scams are an everyday occurrence for individuals. Recent cyber scams have surfaced that involve senior executives (bosses) emailing requests to their employees asking the employee to confirm their Social Security numbers and also provide other confidential information. Your employer already has this information if you’re being paid.

What has happened?  Fraudsters have been able to gain access to a company’s servers and company contact information. What they are doing with this information is called “spoofing” which means they are pretending to be a legitimate member of the administrative and/or management team of the employer to the recipient employee and asking for this information.

This is a pretty clever and common scam. If you or anyone in your household ever receives an email or any type of request for this information from your/their employer or “any” party, whether via email, text or voice DO NOT provide the information. The best step is to contact the requesting party directly to confirm the request came directly from them. If the request is via email do not respond to the email asking if the request is legitimate. If the email was sent to you by a fraudster, by responding you are only responding to the fraudster who of course will confirm that the request is legitimate.

Instead of replying to the email sent to you request verification directly from the individual purporting to be the sender using a separate and direct email to them at the email address you have for them.  A better solution is to pick up the phone and ask them directly or even by sending them a text or make a face to face visit if possible.  DO NOT use any phone number shown or listed in the email you received. In other words use a different method of communication to the alleged senior individual other than the method of communication in which you received the request.

An additional way of verifying the sender’s email is to place your cursor over the sender’s email address to determine the URL and check to make sure the email address shown is accurate. Fraudsters will use look-alike email addresses that in a quick glance look like the actual email address of the sender.   Upon closer inspection, the fraud email may for example have a space between letters or a “1” in place of an “l”, etc.  Remember forewarned is forearmed.  By taking steps to be sure requests for information are legitimate it's always better to be safe than sorry.