Am I being spoofed or has my email been compromised?
You log into your email account one day and find a lot of undeliverable bounce back emails sitting in your inbox. You didn’t send the emails that generated them, and people are complaining about the spam you are sending from your account.
Why is this happening? Has someone hacked into your account? Are you being spoofed?
So what do you do?
The first thing you want to do is determine whether your account has been compromised by a virus, malware, or a spammer, or if you are just being spoofed.
How do I know if my email account has been compromised?
This can be determined by taking a look at the email headers. If you’re not comfortable with this, please contact the 3DOM Digital Agency support team and we can take a look for you.
If your email account has been compromised, you should run a full system virus scan on your computer and then reset your email password. Changing your email password will cut off any connection a third party may have to your email account.
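As an added example (not from the original page or from 3DOM Digital Agency), the Python below shows one way to read the headers of an offending message, for instance the copy attached to a bounce, and tell "sent through my own mail server" apart from "my address on someone else's server". The function names, host names, addresses and sample headers are all constructed placeholders, and the list of your real sending servers is an assumption you supply yourself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real traffic); all names are placeholders.
SPOOFED = """\
Return-Path: <bounce@sender.test>
Authentication-Results: mx.recipient.test; spf=fail smtp.mailfrom=sender.test;
 dkim=none; dmarc=fail header.from=example.org
Received: from mail.sender.test ([203.0.113.7]) by mx.recipient.test with ESMTP;
 Mon, 1 Jan 2024 10:00:00 +0000
From: Me <me@example.org>
Subject: Invoice
"""
VIA_ACCOUNT = """\
Received: from smtp.provider.test by mx.recipient.test with ESMTPS;
 Mon, 1 Jan 2024 10:00:05 +0000
Received: from [198.51.100.9] by smtp.provider.test with ESMTPSA;
 Mon, 1 Jan 2024 10:00:00 +0000
From: Me <me@example.org>
Subject: Invoice
"""

def domain_of(header_value):
    """Lowercased domain part of an address header ('' if missing)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw, my_domain, my_mail_hosts):
    """Triage a message claiming to be from my_domain.
    my_mail_hosts: domains of the servers you really send through (caller-supplied)."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    oldest = " ".join(hops[-1].split()) if hops else ""   # last header = first hop
    m = re.search(r"\bby\s+([\w.-]+)", oldest, re.I)
    origin = m.group(1).lower() if m else ""
    mine = any(origin == h or origin.endswith("." + h) for h in my_mail_hosts)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, res in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            auth.setdefault(mech.lower(), res.lower())
    if domain_of(msg["From"]) != my_domain.lower():
        verdict = "not-my-address"
    elif mine:
        verdict = "sent-through-my-server"  # account likely compromised
    else:
        verdict = "spoofed"                 # my address, someone else's server
    failed = sorted(k for k, v in auth.items() if v in ("fail", "softfail"))
    return {"verdict": verdict, "origin": origin, "failed": failed,
            "return_path": domain_of(msg["Return-Path"])}
```

Received lines older than the first server you trust can be forged by the sender, so treat the verdict as a triage hint and confirm a suspected compromise against your provider's sent-mail or login logs.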
Spoof Email – What to look out for
A spoof email is an email that appears to come from a sender you recognise, but is actually sent by a scammer posing as that sender. Scammers use spoofed email addresses to carry out phishing scams that trick you into providing personal or sensitive information. Phishing emails are a form of spam that provide a link to a spoofed website (a fake website that the scammer designed). The website will often require users to log in or update their details. Spear-phishing, on the other hand, is a more targeted form of phishing. With spear-phishing, the sender does not appear to be a familiar institution or organisation (such as a bank or financial institution) but rather a trusted individual such as a manager, head accountant, or company director.
How do I know I am being scammed?
Spoofing is sometimes difficult to recognise as the email seems to arrive from a trusted, familiar sender. However, there are a few things you can look out for and consider suspicious:
- If you receive an attachment or request out of the ordinary (such as an invoice where details have been subtly changed)
- If the sender typically writes to you in Afrikaans and you receive an email in English or another language, or vice versa
- If the sender typically writes well, and suddenly uses bad spelling and grammar (this is common in phishing scams)
- If you receive an email from yourself that you did not send.
How do I protect myself?
- Use common sense. If anything seems out of the ordinary, ask a 3DOM Digital Agency Consultant to investigate
- Be extra cautious when money is involved; for example, notifications from SARS (SARS provides a list of the latest scams on their website), demands for immediate payment, and deposits made that require any action to be taken
- If you receive an email with a request to update any details or to make a payment you were not previously aware of, or seems suspicious in any other way, do not reply to the email. Call the sender on a known number and confirm that they did in fact send the email. Do not use any of the contact details provided in the suspicious email message
- If you receive a request to change the banking details of a creditor, confirm this request with the accountant or sender at the company before paying monies into a different account
- Never allow unauthorised access to your computer. If you did not explicitly request assistance, do not give out any information that could compromise your security
- 3DOM Digital Agency will never ask you to update your details or click on any links in an email without prior notice
- Look at senders and headers. If the sender is fake, delete the email, or ask a 3DOM Digital Agency Consultant to investigate if you are unsure
- Make sure that your antivirus program is running and up to date. Never bypass your antivirus program to open email attachments or other files
- When in doubt, ask Team 3DOM for assistance.