IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [email-spoofing]

Email spoofing refers to the process of sending fraudulent emails that appears to be from someone that it is not.

Email spoofing refers to the process of sending fraudulent emails that appear to be from someone that it is not.

Using common email protocols such as SMTP, headers such as the sender name and email address can be forged, since there are no restraints in the protocol to prevent this.

225 questions
124
votes
5 answers

Why do phishing e-mails use faked e-mail addresses instead of the real one?

I read that you can write anything into the From: field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?
JFB
  • 1,685
  • 3
  • 13
  • 11
114
votes
7 answers

Someone is using my (or has the same) email

I just got a letter from court saying I made 49 threats to someone I had a problem with three years ago. This person presents "my emails" as evidence. I went through all my emails, and I haven't found a single one. The mail presented as evidence all…
Leah G
  • 1,079
  • 2
  • 7
  • 5
58
votes
7 answers

Email received regarding Security flaw in website

I received an email to techsupport@websitename.com (pretty generic email) saying that there was a security flaw in my website etc. etc My initial reaction was that this was a scam. (How/why did they find our site.) However, they didn't seem to be…
Welz
  • 695
  • 2
  • 6
  • 10
46
votes
4 answers

Paypal sent an email addressing me with one of my old passwords as my name

I got this email from service@intl.paypal.com, with the title: Your account has been limited until we hear from you. I think this is a scam / spoof email because I don't see any notification in my Paypal account and this is Hotmail account is not…
apertur
  • 572
  • 4
  • 8
42
votes
2 answers

Why would PayPal send messages from another domain?

I have just received a message asking to consent to PayPal policy updates from the domain: https://epl.paypal-communication.com The actual link is full of trackers. Given the domain name, it sounds like a routinely email spoof. Also, visiting the…
antonio
  • 845
  • 2
  • 8
  • 15
37
votes
2 answers

How did this paypal spoof email pass SPF, DKIM and DMARC

This mail that got through has me stumped. It appeared to me as being from PayPal in my Inbox. I happened to look at the original and it says SPF, DKIM and DMARC all passed. If I'm reading this right, 74.112.67.243…
ianw
  • 401
  • 1
  • 2
  • 6
33
votes
1 answer

Is it possible to fake 'received' field in the e-mail?

I've received some strange e-mail recently. The e-mail has different From and Reply-To fields. It has also To set to Undisclosed recipients but it's not crucial. At first I thought it's fake, but then I've read this post which mentions that Received…
Arkadiusz Kałkus
  • 433
  • 4
  • 6
24
votes
3 answers

Reply to potentially spoofed email

A colleague recieved an unsolicited email along the lines below: Dear Ms. Smith please click on the following link to recieve Document X regarding Project Y. Yours, Eve Nobody eve.nobody@company.com I suggested my colleague to reply to Eve…
Dohn Joe
  • 561
  • 4
  • 8
19
votes
2 answers

I received an "Undelivered Mail", is my email address used maliciously?

I received an "Undelivered Mail Returned to Sender" email, which is quite suspicious. The message is displayed in Thunderbird like this: From: someRandomStuff my.name@mail.provider Date: 24.08.20, 21:05 To: a list of very random looking email…
Dohn Joe
  • 561
  • 4
  • 8
18
votes
3 answers

Somebody is spoofing my email to send spam messages, and I have no idea how to block

Someone is using my Google Apps Email ID to send spam messages and I've received 2000+ undelivered and autorespond emails. I have no idea how to block this because the spammer is also using my email as reply-to email. If you have any previous…
Surjith S M
  • 289
  • 2
  • 5
16
votes
6 answers

How do I investigate where personal information in a fraudulent email was leaked from?

I have seen an email which is obvious from the content that it's a phishing/spurious email. However, the personal content is quite revealing and specific to that individual. How could I go about investigating how and where this personal data was…
Djuro
  • 169
  • 1
  • 4
15
votes
3 answers

Can an email be doctored to appear from a different sender on an earlier date?

Could someone doctor an email to make it appear that it was sent from a different sender at an earlier date? For example, could someone who knows my email address make it appear that I had emailed someone last year?
Gemini
  • 259
  • 1
  • 5
13
votes
3 answers

How to Stop Email Spoofing

Apart from SPF, what else can be done to stop hackers from spoofing your company's email addresses?
lisa17
  • 1,958
  • 7
  • 21
  • 43
12
votes
4 answers

Is this Amazon Business email phishing?

Today, I recieved a message that purports to be from Amazon. Normally, I can spot a phishing email from a distance. (I work in an ISP's Abuse & NOC department.) But this one seems just slightly off. If it is phishing, it's scary good. The one hint…
Azendale
  • 235
  • 1
  • 2
  • 6
9
votes
2 answers

Why don't banks sign their email using S/MIME?

If email sent by my bank included S/MIME signatures that my mail client can verify, then I would have the assurance that the mail was not tampered with or sent by some malicious third-party. Most prominent mail clients have S/MIME support (Outlook,…
sigjuice
  • 193
  • 5
1
2 3
14 15