5 Ways to Avoid Being the Target of Email Spoofing


Over several days, a number of your members report receiving an email from a board member asking them to open an attachment. Most realize it’s spam and delete it, but since it appears to come from your chapter, one or two fall victim to the scam.

Email spoofing happens when scammers forge the sending details on a message, the same way someone can write a false return address on an envelope. The message might appear to be from you, but isn't really. By leveraging publicly available information, scammers hope to get the recipient to provide something of value, like sending them account information or transferring funds.

The volume of spam emails quadrupled in 2016 (2017 IBM Threat Intelligence Index). There are a number of things you can do to protect your chapter from spoofing, and there are changes you can make in the aftermath of a spoofing attempt to maintain the safety of your email program and the integrity of your communications with your members and potential members.

Check your SPF records and adjust if necessary. The Sender Policy Framework (SPF) standard identifies the mail servers that can send email on behalf of your chapter, and an SPF-protected domain is less attractive to phishers and spoofers. Understanding some of its intricacies and adjusting as necessary can help protect your chapter’s reputation and improve your email deliverability. StarChapter maintains SPF records on your behalf.

If you've gotten a spoofed message, make sure that your email system is set to perform SPF checks. SPF records (above) don't do any good if your email system isn't checking them. Speak with your IT provider about this if you have received spoofed messages.

Check sender information carefully. Free email accounts are literally less than a dime a dozen. Anyone can get an address from Hotmail, Gmail, or a similar provider with your name in it. It could even be an address that looks like yours, but with a dot instead of a hyphen. If you don't recognize the email address that a message is coming from, proceed with caution. You can also check the email headers. This is one of the best ways to tell if an email isn't from the person it looks like it’s from. Emails have two parts – the body, with the text and any attachments, and the header, which contains information like the email address and the IP address of the sender, path of the email, recipient, subject, date, etc. Look closely. (Here’s an in-depth article on email headers and spoofing.)
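The header check described above can be scripted. The following is an added example, not part of the original article: the two sample messages and every domain in them are constructed placeholders, and it assumes the receiving mail server records its SPF verdict in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); every domain is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.member.example; spf=fail smtp.mailfrom=mailer.example.net
From: "Pat Lee, Board Treasurer" <pat.lee@chapter.example>
Reply-To: pat.lee.chapter@freemail.example
To: member@member.example
Subject: Please open the attached invoice

See attachment.
"""
LEGIT = """\
Return-Path: <pat.lee@chapter.example>
Authentication-Results: mx.member.example; spf=pass smtp.mailfrom=chapter.example
From: Pat Lee <pat.lee@chapter.example>
To: member@member.example
Subject: Board meeting minutes

Minutes attached.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signs(raw_message):
    """List header-level warning signs; each is a reason to look closer, not proof."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    signs = []
    # SPF verdict as recorded by the receiving server.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    verdict = m.group(1).lower() if m else "missing"
    if verdict != "pass":
        signs.append(f"spf={verdict}")
    # The visible From address should agree with where bounces and replies go.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            signs.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return signs

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_signs(raw) or "no warning signs")
```

Legitimate bulk-mail services often use their own Return-Path domain, so a mismatch alone calls for a closer look rather than a verdict.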

Educate your chapter. Not everyone is familiar with common phishing scams, so education is important. You need to be vigilant, to keep your chapter and your email recipients as protected as possible. Give your members and potential members the tools they need to recognize potential scam emails. Common signs of a scam include:

• Asking for a transfer of funds, usually via Western Union  
• Asking for information that the "sender" should already have, like account information
• Requesting a login or password over email
• Links that are labeled one way, but whose addresses (visible when hovering over a link) are completely different
• Messages that include grammatical or spelling mistakes

Share some common strategies to protect your members.

• Never click on misleading links or download unfamiliar attachments
• Set spam filters a little stronger, so that more emails are sent to spam rather than the inbox
• Learn to use your browser’s security features
• Keep your computer's antivirus software up to date

Ask your members and guests to report possible spoofed emails to you. Let members and guests know you’re looking out for them.
