Email - Spoofing and Imposters

Overview

Campus members are sometimes targeted by malicious actors attempting to use email to spoof or impersonate legitimate university senders. A commonly seen example of this is a spear phishing campaign that involves impersonating an individual in a position of authority in order to manipulate recipients into divulging sensitive information or even purchasing gift cards.

Information

While the terms are generally used interchangeably, Spoofing and Impostoring (a type of phishing attack) are two similar but different types of email manipulation. Spoofed emails are sent using forged envelope addresses. Envelope addresses are strictly used to route messages between mail servers and are never visible to end users. Email security at Texas A&M prevents spoofing attacks. However, Impostor attacks are much more common, and considerably more difficult to detect.

An Impostor attack is sent from a fake or third-party email address, and makes little to no attempt to hide the address. This is because modern mail clients such as Gmail or Outlook hide the address by default to keep your mailbox overview as sleek and concise as possible.

While email security systems at the university block most Impostor attacks, detection and prevention are still important for everyone.

Helpful hints

  • Exercise caution when replying to unsolicited emails which contain urgent language, ask for sensitive information, or ask you to perform unusual tasks such as purchasing gift cards.
  • Remember, Texas A&M Standard Administrative Procedure prohibits the use of private email accounts to conduct university business. If you receive an email purportedly from a supervisor but sent from Gmail, it is probably a scam.
  • In most email clients, you can hover over the sender’s name to display the email address used to contact you. It is best practice to always check the sender’s address before replying to emails.
  • When in doubt, contact the sender via other means -- either by emailing their university address directly, or by telephone.

If you have received a suspected Impostor email, and are able to forward the message to the help desk, the email will need to be reported as an attached file. This is required by IT security to improve the Impostor detection engines and catch more attempts in the future. The attachment also contains data that helps IT security determine whether the message is legitimate. See KB0019022 for directions on sending an email as an attachment.
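The check that hovering over a sender's name performs by hand can be scripted against a message saved as a file. The following is an added example, not part of the original article or any university tooling; the domain university.example, the list of known names, the free-mail list, and the signal labels are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "university.example"  # assumption: placeholder for the campus mail domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def impostor_signals(raw, known_names):
    """Return warning signals for one raw message; known_names are lowercase display names."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    envelope = parseaddr(msg.get("Return-Path", ""))[1]  # envelope sender recorded at delivery
    from_dom = _domain(from_addr)
    trusted = from_dom == TRUSTED_DOMAIN or from_dom.endswith("." + TRUSTED_DOMAIN)
    signals = []
    # A familiar display name in front of an off-campus address.
    if display.strip().lower() in known_names and not trusted:
        signals.append("known-name-external-address")
    if from_dom in FREEMAIL:
        signals.append("freemail-sender")
    if reply_to and _domain(reply_to) != from_dom:  # replies go elsewhere
        signals.append("reply-to-differs")
    # A signal, not proof: legitimate bulk mailers also differ here.
    if envelope and _domain(envelope) != from_dom:
        signals.append("envelope-differs")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if "gift card" in text:
        signals.append("gift-card-request")
    return signals

# Constructed sample messages (not real mail).
IMPOSTOR = """\
Return-Path: <pat.example.office@gmail.com>
From: "Pat Example" <pat.example.office@gmail.com>
Reply-To: <pat.example.private@outlook.com>
Subject: Urgent request

Are you at your desk? I need you to buy gift cards for a client today.
"""
LEGITIMATE = """\
From: "Pat Example" <pat.example@university.example>
Subject: Staff meeting moved to 3 PM

See you there.
"""

if __name__ == "__main__":
    for label, raw in (("impostor", IMPOSTOR), ("legitimate", LEGITIMATE)):
        print(label, impostor_signals(raw, {"pat example"}))
```

The signals are prompts for a closer look rather than a verdict; a message with none of them can still be fraudulent.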

Details

Article ID: 602
Created: Thu 5/2/24 11:06 AM
Modified: Wed 6/26/24 11:26 AM

Related Services / Offerings

The "Email Support" Service offering allows for requests involving Email Relays or Email Inbox Creation, as well as incidents to be opened on Email issues.