Email spoofing occurs when a scammer mimics a trusted sender's email address. Determining the authenticity of the email can sometimes be a challenge because the request's origin may appear legitimate (e.g., from the President, CFO, or CIO).
The best way to spot a spoofed email is not by the sender's address but by the nature of the request.
Michigan Tech IT recommends that you always verify the sender over the phone when you are requested to send information such as:
- Username
- Account information to transfer money for an unknown payment
- Confidential data
NOTE: You should never convey your password across any type of medium.
It is very easy to change the name that is displayed in the FROM field of an email, but it is much more difficult to change the actual email address it was sent from. If an email seems the least bit suspicious, DO NOT respond or follow any instructions in the email. Follow-up with the sender in-person, if possible, or via telephone.
- Check the email address, not just the display name. To trick you into opening the email and following the instructions, spoofing scams use a sender name that will look familiar. Whenever you get an email, hover your mouse over the contact name and look at the actual email address. They should match or be pretty close.
- For example, you might get an email that looks like it's from your bank. So the sender name will be "US Bank of America." If the email address is something like "customerservice@nowhere.com," chances are you're being spoofed.
- If someone's personal email address is spoofed, make sure the email address listed is the one you have for that person.
Michigan Tech IT wants you to be safe and not be a victim of cyber theft. You are not in this alone; our staff is constantly on the lookout for cybercrimes.
If you have any questions about email spoofing or what you should do if you receive a strange request, we can help. Contact us at it-help@mtu.edu or call 7-1111.