Have you ever received an email from a friend, colleague or client that they didn’t actually send? You can count yourself quite fortunate if you haven’t, as it has become a very common occurrence.
Normally the first reaction is “someone has hacked into my account”, which of course may be true, usually because of a weak or compromised password. More likely, though, your address has simply been used as the sender so that the receiver is led to believe the mail is genuine. Typically, the mail will contain fraudulent links or instructions designed to bring the sender a financial gain.
I remember speaking to a distraught client some time ago, who had been duped by a fake email. This resulted in a substantial bank transfer between the company and the fraudster. Their initial responses were “how could this happen?” and “we must make sure this never happens again”.
The reality is that it’s ridiculously easy to send mail displaying any address you want. Remember the difference between an account and an address: think of your email account as your home, and your email address as your house address. Your home, like your email account, is well secured (hopefully). Your house address, however, can be written as the sender on any letter or parcel, and your email address can be displayed as the sender of any email in just the same way.
You may think these fake emails should be filtered out before they get to your inbox. Although tools such as SPF records, used between many mail servers in the background, can and do help, we are a long way off a satisfactory solution to this ever-growing problem. The best form of defence is quite simply your own vigilance. My advice would be to keep your passwords strong and secure. If you receive an email that is out of the ordinary, even though it may look genuine, check it out before acting on the instructions. Always remember, if it doesn’t feel right, it probably isn’t!
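As an added example (not part of the original post), the Python below shows why SPF on its own does not stop a forged display address: SPF validates the envelope sender recorded in `Return-Path`, not the `From` line the reader sees, so the check compares the two. The sample messages, the domains and the `check_sender` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From shows a colleague's address, while the
# envelope sender and the SPF "pass" belong to an unrelated domain.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net
From: "Alice Smith" <alice@example.com>
Subject: Urgent bank transfer

Please pay the attached invoice today.
"""

# Constructed sample: envelope sender and visible From agree.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com
From: "Alice Smith" <alice@example.com>
Subject: Lunch

See you at noon.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""

def check_sender(raw):
    """Compare the displayed From domain with the domain SPF actually checked."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    # Assumption: this header was added by your own receiving mail server.
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", results)
    spf_result = spf.group(1).lower() if spf else "none"
    aligned = bool(from_domain) and from_domain == envelope_domain
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "spf": spf_result,
        # Trust the displayed address only if SPF passed for that same domain.
        "suspicious": not (aligned and spf_result == "pass"),
    }
```

The spoofed sample passes SPF yet is still flagged, because the pass applies to `mailer.example.net` rather than the `example.com` address on display. The exact-match comparison is a simplification: a sender using a subdomain for bounces would also be flagged.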