Why You Might Be Getting Spam Emails From Yourself
It's a bit difficult to keep up with the unfortunate advancements when it comes to spam emails, which is why many email inboxes are flooded with hundreds of unopened emails, many of them up to no good. We've all learned ways to be on the lookout for malicious spam, staying clear of emails promising great fortunes and containing misspellings that children don't even make. Despite that, it seems like every year new types of spam emerge, requiring us to be even more cautious of unfamiliar emails.
Such is the case with spoofing, a relatively recent phenomenon in which instead of the email looking a bit nuts and overpromising, it does everything possible to look legitimate. According to Cloudfare, spoofing occurs when an attacker masks their identity and malicious intentions with a legitimate-looking email heading, domain address, logo, associated website, and anything else that might convince the recipient that the email totally means well.
Spoofing isn't limited to company forgeries, it will do the same with friends, family, and coworker emails as well. There's even what's known as self-sending spam, which occurs when the fake email address looks just like your email, and/or mimics a domain you own, appearing as if you emailed yourself. It's almost an impressive level of deception.
How it works and what to look out for
Spoofing tends to require the recipient to look very closely at the email heading and language for anything that seems a bit off. So if one were to get an email from what appears to be their bank, it would adopt the logo of your bank, the spelling, and even the tone of their messages, but something would be off, like an extra number in the email domain (@1bankofamerica.com, for instance), a request in the subject line or email that the bank wouldn't normally make, and associated links which go to similar-looking websites.
It's all an attempt to convince the recipient to divulge sensitive information, be a victim of identity theft, and/or click on a malware-laden link, amongst other criminal cyberattack possibilities. What helps enable spoofing is that the email transmission protocol Simple Mail Transfer Protocol (SMTP), can't necessarily authenticate the email address, and the information in the fields the recipient sees doesn't have to match the info in the servers used to send the email.
To protect yourself, be wary of any out of the ordinary emails asking for any urgent action involving personal information, and use anti-spam software that requires authentication for incoming emails. Some email programs allow you to inspect the email header, like Gmail, which allows you to click "Show Original," where you can see if the sender domain is different than what it says under "Received." Meanwhile, for those emails seemingly sent from yourself, that you clearly didn't send yourself, users can adopt a Domain Name System (DNS) with various methods of authentication.
The above methods won't stop all the spoofing attempts, but they will certainly making checking your email a little less exhausting, and let you focus on the emails you've been avoiding for different reasons.