Back to Kora Blog
In
Merchant Security Awareness

The dangers of email spoofing: what you need to know

March 31, 2023
March 31, 2023
3 mins read
Astor George
Astor George
Brand Storyteller

Table of contents

Editor's note:

Email spoofing is a technique used in spam and phishing attacks to trick people into thinking a message came from a trusted source. This can lead to the transfer of money or personal information to fraudulent parties or the download of malware for malicious purposes.

Now that we know what email spoofing means, here are some insane statistics, courtesy of EisnerAmper, that will blow your mind.

  • 3.1 billion domain spoofing emails are sent per day.
  • More than 90% of cyber-attacks start with an email message.
  • Email spoofing and phishing have had a worldwide impact costing an estimated $26 billion since 2016.

How’s that for a wake-up call? 

How to identify a spoofed email

  • Ensure that the "From" email address matches the display name: Don't get tricked by some scammer pretending to be someone they're not. Check those email headers like a detective on a stakeout.

  • Ensure the "Reply-To" header matches the source: This is typically hidden from the recipient when receiving the message and is often overlooked when responding. If the "reply-to" address smells fishy, it’s likely forged.

  • Find where the "Return-Path" goes: This identifies where the message originated. Track down where that email really came from. It's like playing a game of email hide and seek, but with more cybercrime.

  • Confirm the details in the email signature: Check the components of the email signature, and make sure they add up.

How to protect yourself from email spoofing

Sometimes the best defence against being spoofed is to trust your instincts. Before responding to suspicious emails, perform the following tasks to ensure the message is reliable.

  • Ask yourself these questions: Does this email make sense? Was I expecting this message? Am I being pushed to act quickly?

  • Examine the email for unsolicited requests for personal information, generic greetings/signature, and unfamiliar links or attachments.

  • If you’ve done all of the above but still have suspicions, contact the supposed sender through a trusted phone number or some other trusted way. Do not reply to the message in question.

It's important to remember that cybercriminals are constantly coming up with new and sophisticated ways to deceive people. But with awareness and a proactive approach, we can protect ourselves and our businesses from the damaging effects of email spoofing. Stay alert, stay informed, and stay safe.

At Kora, our mission is to connect Africa to the world and connect the world to Africa via payments. For startups and businesses accepting money in and from Africa, we provide All The Support You Need™️ to start, scale and thrive on the continent. Visit www.korahq.com to see all the ways you can grow with Kora.