Avoid Email Spoofing and Phishing

Over the years you have probably seen a variety of interesting emails from long-lost relatives in some foreign country who somehow managed to lose their passports and every dime they’ve ever owned. Yes, we do feel for those poor saps, but we don’t feel bad enough to send them the $2,500 they need to get their passports back. Like most of you out there, we casually delete those messages and forget about the awful guilt about 2 seconds after hitting the delete button.

But… what if your boss emailed you and asked you to move money from your league’s account to this new account number? The email looks and sounds totally legit, but you still have this gut feeling that there is something off about it. You’ve never been asked to do anything like this before, and whose account is this anyway? One or two questions quickly turn into 5 and then 10, and finally you say, “Hey, the boss asks, and I deliver!” — WRONG!

If the email looks phishy (see what I did there?), then it probably isn’t legit. Here at Cal North, we’ve received a variety of these emails and have implemented a few good common-sense policies that we hope will help you with this problem as well.

First… If an email doesn’t look legit, it probably isn’t. The best thing you can do is pick up the phone and call that person. Don’t respond to the email, or click on any of the links. Just take two minutes and call to confirm the message is real. If you can’t call, then you may want to look at the source code of the email to determine if the IP address of the server that sent the message matches the IP address of other emails sent by the same user (see this tutorial on how to do this).
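Here is one way to do that IP comparison with a short script. This is an added example, not Cal North's own tooling; the function names, sample messages, domains and IP addresses are all made up for illustration, and it assumes you have saved the raw source of the suspect email and of an older email you know is real.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# IPv4 literal in brackets, as mail servers record the connecting peer.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sending_ip(raw):
    """Return (from_address, ip) using the topmost Received header that has an IP.

    Assumption: the topmost Received header was written by your own mail
    server. Lower ones are supplied by the sender and can be forged.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    for hop in msg.get_all("Received", []):  # headers come back top to bottom
        match = IP_RE.search(hop)
        if match:
            return sender, match.group(1)
    return sender, None

def looks_consistent(suspect_raw, known_good_raws):
    """True if the suspect came from an IP already seen for the same From address."""
    sender, ip = sending_ip(suspect_raw)
    seen = {i for s, i in map(sending_ip, known_good_raws) if s == sender and i}
    return ip is not None and ip in seen

# Constructed sample messages (documentation IP ranges, made-up domains).
KNOWN_GOOD = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.league.example with ESMTPS; Mon, 1 Jan 2024 09:00:00 -0800\n"
    "From: The Boss <boss@example.org>\n"
    "Subject: Field schedule\n\nSee attached.\n"
)
SUSPECT = (
    "Received: from unknown (unknown [203.0.113.77])\n"
    "\tby mx.league.example with ESMTP; Tue, 2 Jan 2024 03:12:00 -0800\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby relay.invalid; Tue, 2 Jan 2024 03:11:00 -0800\n"  # forged by the sender
    "From: The Boss <boss@example.org>\n"
    "Subject: Urgent transfer\n\nPlease move the funds today.\n"
)

if __name__ == "__main__":
    print(sending_ip(SUSPECT))
    print(looks_consistent(SUSPECT, [KNOWN_GOOD]))
```

A mismatch is not proof by itself, since large mail providers send from many addresses, so treat it as one more reason to make the phone call.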

Second… Everyone should sign their emails either with a unique signature, or in a specific way. Let your coworkers, family/friends (especially if you’re traveling abroad), and other VIPs know how you do this. For example, if you have a middle initial, you can include it in your signature. Maybe less professional, but a unique emoticon works too 「(°ヘ°)

Third… Now if it’s your job to determine why this is happening, forget about it. It happens because of a long history of how email came to be, and the fact that everyone wants email to be immediate and convenient. But if you still want to know more about how this actually works — take a look at this Lifehacker explanation: How Spammers Spoof Your Email Address (and How to Protect Yourself).