Hacked or Spoofed
Recently I received an email from Jill, where the “From” address had her name, but when I opened the email, I knew it was not from her.
Initially, I became concerned; I would hate for Jill’s email to get hacked, especially since I am in the security world. I followed steps to verify that Jill’s email account was safe. As I started to look at her email, with her permission, I noticed that she was receiving email from a friend who obviously had been hacked.
So, how do you tell if your email has been hacked or spoofed?
First, spoofing is easy. All you have to do is replace your name in the “From” header, which is editable, especially if sending via PHP. In the case where I received the email from Jill, I checked the source of the message. The reason I checked was because knowing Jill, I knew she would not write:
“Hello Kate. How are you? I found excellent site (Link to malicious website deleted)
Do you know about this?”
It is extremely important never to click on the link.
I then looked at the “View Source”. All email programs, have a place where you can view the complete path of how the email was sent.
For example: ReturnPath:<martin@boulinguez.com>Received: from mout.perfora.net (mout.perfora.net [74.208.4.194])by mtain-di10.r1000.mx.aol.com (Internet Inbound) with ESMTP id 6066F38000096
The email listed is not from a name that I recognize, and Jill’s name is not anywhere to be found. So right away, I am able to tell that her email was spoofed and not hacked.
I then took additional steps to verify that Jill’s email was not hacked, easy steps that anyone can verify.
1) Look at “From” line, as shown above. If the “From” line would have shown Jill’s email address, then that would be the first sign that she had been hacked.
2) I then looked at “To” line, and saw only my name listed. Conversely when I was looking at an email that was sent from her friend that had been hacked, the “To” line was filled with a list of their friends email. When your email is hacked, your address book is hacked as well. Thus all of your friends are receiving emails, with a glimmer of hope that one of them may just click on the malicious link that was sent from you. In turn, either a key logger is installed on your computer, or your computer may become compromised and thus be waiting for a command by a third party in which your computer is taken over, unbeknownst to you.
3) The last quick check I did was to look at Jill’s sent box in her email. Thankfully her sent box appeared normal. If she had had email that was in her sent box that she did not send, then this would be another clear indicator that her email had been hacked.
It may be difficult to understand why anyone would want to hack your email to just to send messages with malicious links or to obtain your address book, but your hacked email account is worth money. Think about how many accounts you log into using your email address from iTunes and other online shopping, to financial and recreational sites, each hacked email can be sold for 3 to 8 dollars. If you have one hundred email contacts, in your address book, the hacker can easily make five hundred dollars to start; if even one of those contacts clicks on the malicious link, the hacker will then have access to a whole new address book and the possibilities of yet another huge paycheck.
It is extremely important that you not click on links, inserted into questionable emails, even if you think the email is from a friend or family member. If you have any questions about the integrity of an email, please feel free to reach out, and I will take a look. Stay safely connected.
