Overview
Spoofing an email means forging what appears as the sender (From:) address.
When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; anyone could send a letter and put any return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged (i.e., spoofed).
Why do attackers spoof emails?
- Pretending to be someone the receiver knows. This can be used to ask for sensitive information or to initiate a monetary scam.
- Pretending to be from an organization the receiver has a relationship with. Phishing attempts to get hold of login details for banks etc. are a common example.
- Hiding their true identity to evade spam filters.
- Easy to rotate. If you are spamming, your address is bound to be blocked. If you’re able to easily switch sender addresses, who cares?
I think someone is spoofing a UFV email address, what can I do?
If you are concerned about an email you received, please forward it to phishreport@ufv.ca.