How to Tell if an Email Has Been Spoofed

There are numerous email scams that land in your inbox every day, from malware-ridden attachments supposedly from a friend to IRS impersonators to fake invoices from Geek Squad. And what makes many of these scams harder to recognize is that they rely on a “spoofed” email address to make it appear that they are coming from someone you trust (or even your own email address) rather than a scammer 6,000 miles away. So learning how to tell if an email has been spoofed is critical to protecting yourself.

Part of the reason why spoofed emails are so prevalent is that it is incredibly easy to spoof an address. Any mail server can be set up to send from a given domain (e.g. irs.gov), and there are even websites that will let you send one-off emails using any email address for free. But both of these methods leave telltale tracks that give it away as spoofed. To find these tracks, you need to look at the email header. The header contains critical components of every email – From, To, Date, and Subject – as well as detailed information about where the email came from and how it was routed to you. Importantly, it also contains the results of the verification process your email provider used to determine if the sending server has permission to send using that domain (i.e., Is this server authorized to send emails from irs.gov?).

How to find email header information
Showing your email headers varies depending on which email service you’re using. The instructions below are all for your computer or the “desktop view” using your phone’s browser.

How to show email headers for Gmail
For Gmail, open the email and click on the three vertical dots next to the reply arrow and select “Show Original”.

How to show email headers for Outlook and Outlook.com
For Outlook, open the email. Click on “File” and then “Properties.” The headers will show in the “Internet headers” box. For Outlook.com, open the email. Click on the more icon (three dots) and select “View” and then “View message source.” The headers will show in a pop-up box.

How to show email headers for Proton Mail
For Proton Mail, open the email. Click on the more icon (three dots) and select “View headers.” The headers will show in a new window.

How to show email headers for Apple Mail
For Apple Mail, open the email. Click View > Message > All Headers. The headers will show in the window below your inbox.

How to show email headers for Yahoo! Mail
For Yahoo! Mail, open the email. Click on the more icon (three dots) and select “View raw message.” The headers will show in a new window.

How to find the header information that shows an email is spoofed
The two things that matter the most are the domain name and IP address in the “Received” field and the validation results in the Received-SPF field. But if the domain name is similar or it’s listed as just an IP address, you should check the IP address, too, and see if that passes the smell test. To do that, go to Domain Tools and enter the “from” IP address in the Received field into the Whois Lookup.

For more information on solutions for running your businesses’ technology more efficiently, visit our website or contact Megan Meisner at mmeisner@launchpadonline.com or 813 448-7100 x210.

This was originally posted by Techlicious.

Related Posts

The Worst Passwords of 2024: Are You Guilty of Using One?

12 Tips to Identify a Fake Virus or Security Alert

How to Keep Your Windows PC Secure on Public Wi-Fi

How to Remove a Password From a PDF File

Profile cancel