(NCSAM Week 4): Email Spoofing

Email spoofing or forging is a scam in which malicious actors forge the sender’s email address in order to trick victims into taking some sort of action such as disclosing sensitive information or clicking on a malicious link or attachment. These imposter emails may target you individually or as part of a group, and may appear to come from your supervisor, friends or entities you trust.

Emails can be spoofed in a variety of ways. For example, an email address may be spoofed in whole or in part. Some examples include: 

  • the display name associated with an email in your Inbox is correct, but the sender’s name in the “From” field of the email is different/unexpected, e.g., 
    • Display name: John Doe 
    • From name: John Doe <jd1234.nyu.edu@hackingu.com> (in this instance hacking.com is the sender’s domain name)
  • There are other cases in which the display name is correct, but there are slight  variations in the “from” name. 
    • Display name: John Doe
    • From name: John Doe < j0hn.doe@hotmail.com> (in this instance, the “o” in John was replaced with the number zero). 
  • Sometimes the display name and From name match, but clicking a reply option reveals an unfamiliar/unexpected return address. 

Finally, don’t discount your instincts. Spoofed emails also may reveal themselves by an unfamiliar tone, unexpected content, links or attachments, or an urgent request. Other indicators include:  

  • A generic greeting
  • A request for sensitive information
  • A threat or a call to action

Please be reminded not to reply to suspicious emails and do not circulate these emails to others, because if they’re malicious, you could be spreading malware. When in doubt of the legitimacy of a message, confirm via a trusted phone number or send a message using an email address you have typed and confirmed. 

If you have a question about whether an email you’ve received is phishing and you’d like to receive input from the GOIS Incident Response team, please forward the message with headers, and your specific question/concern (so the Incident Response team knows how to best assist you) to phishing@nyu.edu.  

To forward a Gmail message & headers as an attachment:

  • On the right hand side of an open message use the pull-down menu on the upper right (3 dot ellipsis) to select “Show Original”.  From this view select “Download Original”. 

For more information and resources on phishing, please visit the Security Awareness web page