Am I being spoofed or has my email been compromised?
You log into your email account one day and find a lot of undeliverable bounce back emails sitting in your inbox. Â You didn’t send the emails that generated them, and people are complaining about the spam you are sending from your account.
Why is this happening? Â Has someone hacked into your account? Â Are you being spoofed?
So what do you do?
The first thing you want to do is determine whether your account has been compromised by a virus, malware, or a spammer, or if you are just being spoofed.
How to I know if my email account has been compromised?
This can be determined by taking a look at the email headers. If you’re not comfortable with this, please contact 3DOM Digital Agency support team and we can take a look for you.
If your email account has been compromised, you should run a full system virus scan on your computer and then reset your email password. Changing your email password will cut off any connection a third party may have to your email account.
Spoof Email – What to look out for
A spoof email is an email that has a sender you recognise, but is being sent from a scammer on the sender’s behalf. Scammers use spoofed email addresses to carry out phishing scams that trick you into providing personal or sensitive information. Phishing emails are a form of spam that provide a link to a spoofed website (a fake website that the scammer designed). The website will often require users to login or update their details. Spear-phishing, on the other hand, is a more targeted form of phishing. With spear-phishing, the sender does not appear to be a familiar institution or organisation (such as a bank or financial institution) but rather a trusted individual such as a manager, head accountant, or company director.
How do I know I am being scammed?
Spoofing is sometimes difficult to recognise as the email seems to arrive from a trusted, familiar sender. However, there are a few things you can look out for and consider suspicious:
- If you receive an attachment or request out of the ordinary (such as an invoice where details have been subtly changed)
- If the sender typically writes to you in Afrikaans and you receive an email in English or another language, or vice versa
- If the sender typically writes well, and suddenly uses bad spelling and grammar (this is common in phishing scams)
- You receive an email from yourself that you did not send.
How do I protect myself?
- Use common sense. If anything seems out of the ordinary, ask an 3DOM Digital Agency Consultant to investigate
- Be extra cautious when money is involved; for example, notifications from SARS (SARS provides a list of latest scams on their website), demands for immediate payment, and deposits made that require any action to be taken
- If you receive an email with a request to update any details or to make a payment you were not previously aware of, or seems suspicious in any other way, do not reply to the email. Call the sender on a known number and confirm that they did in fact send the email. Do not use any of the contact details provided in the suspicious email message
- If you receive a request to change the banking details of a creditor, confirm this request with the accountant or sender at the company before paying monies into a different account
- Never allow unauthorized access to your computer. If you did not explicitly request assistance, do not give out any information that could compromise your security
- 3DOM Digital Agency will never ask you to update your details or click on any links in an email without prior notice
- Look at senders and headers. If the sender is fake, delete the email, or ask an 3DOM Digital Agency Consultant to investigate if you are unsure
- Make sure that your antivirus program is running and up to date. Never bypass your antivirus program to open email attachments or other files
- When in doubt, ask Team 3DOM for assistance.