5 Ways to Avoid Being the Target of Email Spoofing

Email Spoofing

Over several days, a number of your members report receiving an email from a board member asking them to open an attachment. Most realize it’s spam and delete it, but since it appears to come from your chapter, one or two fall victim to the scam.

Email spoofing happens when scammers forge the sending details on a message, the same way someone can write a false return address on an envelope. The message might appear to be from you, but isn't really. By leveraging publicly available information, scammers hope to get the recipient to provide something of value, like sending them account information or transferring funds.

The volume of spam emails quadrupled in 2016 (2017 IBM Threat Intelligence Index). There are a number of things you can do to protect your chapter from spoofing, and there are changes you can make in the aftermath of a spoofing attempt to maintain the safety of your email program and the integrity of your communications with your members and potential members.

Protect your contact information. Unless your members market services to the general public, keep your member directory and board members' email addresses private. By doing this, you limit the pool of potential victims available to the scammers. The built-in contact forms in StarChapter ensure that members and potential members can easily contact the board without anyone's email address being exposed.

Check your SPF records and adjust if necessary. The Sender Policy Framework (SPF) standard identifies the mail servers that can send email on behalf of your chapter, and an SPF-protected domain is less attractive to phishers and spoofers. Understanding some of its intricacies and adjusting as necessary can help protect your chapter’s reputation and improve your email deliverability. StarChapter maintains SPF records on your behalf.

If you've gotten a spoofed message, make sure that your email system is set to perform SPF checks. SPF records (above) don't do any good if your email system isn't checking them. Speak with your IT provider about this if you have received spoofed messages.

Check sender information carefully. Free email accounts are literally less than a dime a dozen. Anyone can get an address from Hotmail, Gmail, or a similar provider with your name in it. It could even be an address that looks like yours, but with a dot instead of a hyphen. If you don't recognize the email address that a message is coming from, proceed with caution. You can also check the email headers. This is one of the best ways to tell if an email isn't from the person it looks like it’s from. Emails have two parts – the body, with the text and any attachments, and the header, which contains information like the email address and the IP address of the sender, path of the email, recipient, subject, date, etc. Look closely. (Here’s an in-depth article on email headers and spoofing.)

Educate your chapter. Not everyone is familiar with common phishing scams, so educationis important. You need to be vigilant, to keep your chapter and your email recipients as protected as possible. Give your members and potential members the tools they need to recognize potential scam emails. Common signs of a scam include:

• Asking for a transfer of funds, usually via Western Union. 
• Asking for information that the "sender" should already have, like account information.
• Requesting a login or password over email.
• Links that are labeled one way, but whose addresses (visible when hovering over a link) are completely different.
• Messages that include grammatical or spelling mistakes.

Some common strategies to protect yourself are:

• Never clicking on misleading links or downloading unfamiliar attachments
• Setting spam filters a little stronger, to send more emails to spam versus their inbox
• Learning to use your browser’s security features
• Keeping your computer's antivirus software up to date.

Ask your members and guests to report possible spoofed emails to you. Let members and guests know you’re looking out for them.

Print PDF

Return to list



    Leave a Comment

    Users love StarChapter on G2 Crowd

    Read more starchapter reviews


    Join Our Newsletter

    Sign Up Now

    Request a Live Demo and Grow Your Association Chapter Today.

    StarChapter in The Top-20 List - Capterra


    Follow Us