Recently, the most common way to steal data and infect computers is by sending emails with malicious content. These emails appear very serious, seemingly from a “legitimate” sender that the recipient recognizes.

The emails are usually sent from previously hacked email accounts, impersonating a specific company by forging the message header.

In this article, we will show how to easily distinguish legitimate messages from those impersonating companies or institutions.

An example of a message with a spoofed header:

From: smarthost.eu <info@weshoes.co.il>
To: ********
Date: 17 lipca 2020, 16:34:25
Subject: smarthost.eu : Your Account Will Be Blocked Urgent[WARNING]


Dear  biuro

All account are requires an immediate verification 2020 server security ,

Failure to do this. We may be forced to terminate the activities of your account.

to make sure your are the real owner of this email, *******

You have 24hours to perform this action from below portal.


VERIFY ACCOUNT NOW

Copyright © 2020 smarthost.pl, Inc. All rights reserved. We are located at 2233 S. third St., San Jose, CA 95123.

Scammers often send similar emails impersonating banks, payment operators, or other service providers, which is why it’s crucial to verify the sender every time before taking any actions encouraged by the email content.

Verifying e-mail sender.

Sometimes, we receive emails that appear to be from a well-known company or bank, but the message doesn’t actually come from the official email address of that institution.

Every email is represented by a “friendly name” field, which often displays a pleasant name like “John Smith,” “ING Bank,” or “T-Mobile Customer Service.” In addition to this “friendly” name in the sender field, there is also the actual email address from which the email was sent. This email should come from a known and official domain of the provider (e.g., as in the examples above: ing.com, t-mobile.com, or smarthost.eu), but often, it is falsified—the sender is someone other than the legitimate institution.

The sender might appear as: t-mobile.com or smarthost.eu (which is the “friendly name”), but the email is sent from an address like info@vilcongloplc.pw, info@weshoes.co.il, or any other. It’s clear that the sender has swapped the “friendly name” to deceive the recipient.

Therefore, it’s important to always check the actual email address from which the message was sent and not just rely on the sender’s name.

How to verify the sender’s real email address?

To verify the email sender in Webmail (e.g., Roundcube), follow the steps shown in the images below. In other applications, the process will be similar. In some, such as Thunderbird, the sender’s real email address will be displayed immediately upon opening the message.

Additional sender verification.

If you have doubts about whether the email was really sent by the stated sender, it’s best to contact them via phone, chat, or email. However, be careful: do not reply to the “suspicious” email. Instead, send a completely new message to the known, official email address found on the company’s website.

Taking care of security.

It’s also important to maintain the security of your own email accounts to prevent them from being used as tools to send similar fraudulent messages.

First and foremost, you should set strong passwords that are difficult for scammers to crack and use different passwords for every system or account you access.

By having unique passwords for each account, even if one account is compromised, the scammer won’t be able to access other accounts with different passwords.

Our security largely depends on ourselves, so before clicking on a link sent in an email, always verify the sender of the message.

With Smarthost Sp. z o.o. you can contact through:

e-mail: hosting@smarthost.eu
chat online: https://www.smarthost.eu/