What’s the difference between being hacked and spoofed?

25 Aug 2020

What do I need to know about email spoofing?

Fake emails being sent from your account is very annoying – especially when you don’t know how it’s happened. This is known as email spoofing, where emails are sent using a forged ‘From’ to send spoof emails, access is not required to the individual’s email account.

What are the symptoms?

You may be receiving a large number of ‘Non-delivery Emails’ sporadically. These emails have been sent from another email address, but with a forged ‘From’ address to look like yours. So any emails that fail to deliver will be sent to your inbox.

This is quite common because the majority of ‘spoof’ emails are known as spam by most email platforms. This prevents them from being delivered to the intended recipient and instead generates a ‘Non-delivery report’.

What can I do?

As spoof emails can be set up without accessing an email account, we’re unable to stop this from happening altogether. However, most will be recognised by spam filters and blocked accordingly.

As a precaution, change your email account password. You can also run a number of cyber security checks which include anti-virus scans and forwarding rules you don’t recognise. If you’ve gone through all these steps, it’s possible your email address is being spoofed.

What’s the difference between being hacked and spoofed?

When your email account is hacked, an unauthorised third party has access to your email account. This indicates they’ve obtained the password, either through malware being installed on your device or when you’ve entered your details into a fraudulent phishing email.

If my account’s not been hacked, how are emails still being sent to my contacts?

It’s possible that your email account was hacked in the past, and the hackers took a list of all your contacts you’ve emailed previously. This allows them to send spoofed emails that look like they’ve come from you.

Unfortunately, once the hackers have access to your contacts, it is not possible to stop them from sending spoofed emails.

Note: There are other ways that hackers can obtain details of the people you email, such as public mailing lists or through other email addresses they’ve compromised.

Will deleting my email account stop Email Spoofing?

Unfortunately no. As email spoofing does not require access to your email account, the spoofed emails can continue to be sent even if your email address no longer exists.

Contact Cyber Security Company LoughTec for a free no-obligation discussion on your business cyber security posture. Call +44 (0) 28 8225 2445 or email info@loughtec.com.