If a customer receives a strange email from your own email address that you did not actually send, it doesn’t necessarily mean that you’ve been hacked. A spammer/hacker can spoof any email address in the world, and it’s not hard to do. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source, such as your own email address.
“From” spoofing means faking the “From:” address on an email to make it look like it came from you. To do it, spammers don’t need access to your account at all.
Email spoofing can be easily achieved with a working Simple Mail Transfer Protocol (SMTP) server and mailing software like Outlook or Gmail. Once an email message is composed, the scammer can forge fields found within the message header such as the FROM, REPLY-TO and RETURN-PATH addresses. After the email is sent, it will appear in the recipient’s mailbox as though it came from the address that was entered.
How to stop email spoofing
To avoid becoming a victim of email spoofing, put the following practices into place:
- Keep anti-malware software up to date.
- Do not share private or financial information through email.
- Turn spam filters on to the strongest settings.
- Avoid clicking suspicious links or downloading suspicious attachments.
- Never enter sensitive information into links that are not secure.
- Learn how to open and read email headers for signs of email spoofing.
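As an added example (not part of the original article), the header check from the last point can be scripted: the Python below compares the FROM address with the REPLY-TO and RETURN-PATH fields named above and with any address shown in the display name. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or None."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def spoofing_signs(raw_message):
    """Return findings worth a closer look; a mismatch is a sign, not proof."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    if from_dom is None:
        return ["From header is missing or has no address"]
    findings = []
    # Reply-To and Return-Path are set by the sender, just like From.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom is not None and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # A display name that shows one address while the real address is another.
    display, _ = parseaddr(msg.get("From"))
    shown = domain_of(display)
    if shown is not None and shown != from_dom:
        findings.append(f"From display name shows {shown} but address is {from_dom}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.test>
From: "Accounts" <accounts@example.com>
Reply-To: payments@example.net
Subject: Updated invoice

Please use the new bank details.
"""
LEGIT = """\
Return-Path: <accounts@example.com>
From: "Accounts" <accounts@example.com>
Subject: Monthly statement

Statement attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_signs(raw) or "no mismatches")
```

Legitimate bulk mail sent through a mailing service can also carry a different RETURN-PATH domain, so treat a finding as a reason to read the full headers rather than as a verdict.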