Avoiding Email Spoofing


This article describes how Private Email from TDS on Webmail identifies suspicious emails.


Identifying suspicious email

Suspicious email is defined as being neither spam nor legitimate email; it is a gray area in between. In many cases, there is nothing in a suspicious email that tells security systems it should be blocked.

Private Email from TDS uses DMARC (Domain-based Message Authentication, Reporting, and Conformance) indicators to tell if an email is suspicious and potentially dangerous. There are several other items you can look for that indicate if an email is legitimate.

These indicators are simple but extremely valuable in determining the legitimacy of an email message.

Emails that are marked suspicious will show a yellow warning banner in Webmail’s preview pane. The intent of this banner is to encourage you to check the validity of the sender and the contents of the email before clicking links, downloading attachments, or replying.

[Screenshot: Webmail suspicious email]

Webmail clearly indicates the display name and email address of the sender. Comparing the display name to the email address is a simple way to check for display name spoofing.

Display name spoofing is when hackers place a name that you recognize in the From address, but the associated email address is not for that person.

[Screenshot: Webmail suspicious email 2]

Webmail shows you if the domain of the sender does not match the domain used to send the message.

The actual domain that sent the message appears in the ‘sent from’ note added to the sender’s address.

In some cases, this name switch is normal for sending services that are used for marketing and sales campaigns. However, it can also be spoofing.

[Screenshot: Webmail suspicious email 3]
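The three checks described above (display name versus address, From domain versus sending domain, and the DMARC result) can be run over a raw message as follows. This is an added example, not TDS or Webmail code; the sample message, the CONTACTS address book, the warning labels, and the use of Return-Path as the "sent from" domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration; not real mail.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.org>\n"
    "Authentication-Results: mx.example.org; dmarc=fail header.from=example.net\n"
    'From: "Pat Smith" <pat.smith@example.net>\n'
    "To: user@example.org\n"
    "Subject: Invoice overdue\n"
    "\n"
    "Please pay today.\n"
)
# Hypothetical address book: display name -> the address that person really uses.
CONTACTS = {"pat smith": "pat.smith@example.com"}

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def same_or_subdomain(a, b):
    """Simplified alignment test: equal domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw, contacts):
    """Return a list of warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, sender_addr = parseaddr(msg.get("Return-Path", ""))
    warnings = []
    # Display name spoofing: a familiar name paired with an unfamiliar address.
    expected = contacts.get(name.strip().lower())
    if expected and expected.lower() != from_addr.lower():
        warnings.append("display-name-mismatch")
    # Sending domain differs from the From domain (normal for some bulk senders,
    # so this is a reason to look closer, not proof of spoofing).
    if sender_addr and not same_or_subdomain(domain_of(from_addr), domain_of(sender_addr)):
        warnings.append("sending-domain-mismatch")
    # Only trust an Authentication-Results header stamped by your own mail server.
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""), re.I)
    if m and m.group(1).lower() != "pass":
        warnings.append("dmarc-" + m.group(1).lower())
    return warnings

if __name__ == "__main__":
    print(check_message(SAMPLE, CONTACTS))
```
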

To report suspicious email as spam, you can drag the message to the Spam folder, or you can click Report Spam in the More menu.

[Screenshot: Webmail suspicious email, report as spam]

Remember, it is always best to verify any request for personal information or money that is received via email. 

For a deeper dive into spoofing and domains:  

https://blog.knowbe4.com/when-the-url-domain-is-not-enough-to-avoid-a-phish

Finally, here is a terrific guide for identifying spoofed emails by our world-class partner KnowBe4, the preeminent anti-phishing training firm.

"22 Social Engineering Red Flags."
