You receive a notice that an email message you sent is undeliverable, but you know you did not send the original email. Or someone calls you and says they received a virus-infected email message from you, but you did not send an email message to them. Could your computer have a virus? Could someone know your password and be sending email messages without your knowledge? What is going on?
This could actually be a case of “email spoofing”. Many computer viruses, spyware and malware spread via email. Once activated, they search the infected computer and send outbound virus-infected email to all the contact names and email addresses that are found in the Contact List, Inbox and/or Sent Items. However, just to be extra tricky, the virus substitutes one of the harvested email addresses for the sender’s display name and email address. This is called email “spoofing” and can make it appear that one person has an infected computer or sent an infected email message, when they really didn’t.
Let’s consider an example outside the world of computers. Imagine someone writes a nasty handwritten letter. They sign your name at the bottom of the letter and add your telephone number. They write your name and home or business address in the return address section on the outside of the envelope. They address the envelope to someone and mail it at the post office. That person receives the envelope in the mail and opens it. They don’t like the tone of your nasty letter and they call you to complain about it. And they later call the police about the threats you wrote. You say, “Hey, I never wrote that letter!” The same thing can happen in the world of electronic mail. Someone can send an email message and make it “appear” as though it came from you, when it really didn’t.
So let’s say someone calls you and says they received a virus-infected email message from you, but you did not compose or send an email message to them. Here is an example of what really might be going on:
- Person A has a computer and is not using a good antivirus program, or does not have current virus definitions, or is not following good security practices.
- Person A’s computer becomes infected with a virus. Both Person B and Person C have exchanged email messages with Person A in the past, and are in Person A’s contact list, or the prior email messages are still in the Inbox or Sent Items.
- When the virus executes on Person A’s computer, it finds the names and email addresses of Person B and Person C, along with dozens or hundreds of others. The virus secretly composes an email message with an infected attachment and inserts Person B’s name and email address into the “From” field of the infected outbound message. It adds Person C’s name to the “To” field of the message, and then sends the infected email message to Person C. It also sends hundreds of similar outbound infected email messages to everyone else in Person A’s contact list.
- Person C receives the virus-infected email message, which appears to have been sent by Person B (because that is the display name and email address shown in the “From” field on the email message).
- Person C then contacts Person B and complains that Person B sent them a virus-infected message.
- But when Person B scans their computer, the antivirus software does not find anything (as would be expected, because the computer is really not infected). It was actually Person A’s computer that sent the virus-infected email message and falsely stamped the message as coming from Person B.
You receive a non-deliverable report (“NDR”) saying the message you sent to Person B was not deliverable. But you know you never sent any messages to Person B. Here is an example of what might be going on:
- As in the example above, Person A’s computer is infected with a virus.
- You and Person A previously communicated, and your name and email address are in their Contact List, Inbox or Sent Items.
- When their computer sends the outbound email messages, your name and email address are randomly selected and inserted in the email message as the Sender.
- One of the email addresses in the contact list is no longer valid.
- When the email message is sent, it gets rejected by the recipient’s mail server because the email address is invalid.
- That mail server sends a non-deliverable message report (“NDR”) to the original sender of the message, which appears to be you.
- You receive the NDR reporting the message you sent was not deliverable (even though you personally never sent the original message, it just looked like you did).
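As an added example (not part of the original article), the Python sketch below reads an NDR like the one in this scenario, pulls out the headers of the bounced original, and compares the “From” address with the machine that actually handed the message over; the same comparison applies to the infected message Person C receives. The sample NDR, the addresses, the IP values and the `our_mail_ips` parameter are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
# Constructed sample NDR (RFC 3464 multipart/report); every name and IP is made up.
SAMPLE_NDR = b"""From: MAILER-DAEMON@mx.recipient.example
To: you@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; old.contact@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from person-a-pc ([203.0.113.7]) by mx.recipient.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "You" <you@example.com>

--b1--
"""

def check_ndr(raw, our_mail_ips):
    """Summarise a bounce and say whether the bounced original left our servers."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    failed, orig = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():          # one Message per header block
                if block.get("Final-Recipient"):
                    failed = str(block["Final-Recipient"]).split(";", 1)[1].strip()
        elif ctype == "text/rfc822-headers":          # only the headers came back
            orig = email.message_from_string(part.get_content(), policy=policy.default)
        elif ctype == "message/rfc822" and orig is None:  # whole original came back
            orig = part.get_payload(0)
    if orig is None:
        return None                                   # not an NDR we can inspect
    # The top-most Received line is stamped by the server that took the message in,
    # so it records the machine that really connected; the From field does not.
    hop = re.search(r"\[([0-9A-Fa-f.:]+)\]", str((orig.get_all("Received") or [""])[0]))
    origin_ip = hop.group(1) if hop else None
    return {"claimed_sender": parseaddr(str(orig.get("From", "")))[1], "failed_recipient": failed,
            "origin_ip": origin_ip, "sent_by_us": origin_ip in our_mail_ips}
```

Calling `check_ndr(SAMPLE_NDR, {"198.51.100.25"})` reports your address as the claimed sender but an origin IP that is not one of your mail servers, which is the pattern described in the steps above.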
Wolf Consulting provides multiple layers of protection to keep the computers and networks of our clients safe and secure from viruses, malware, spyware, etc. So if you ever receive a notice that an email message you sent was undeliverable but you did not send the original email, or if someone ever calls you and says they received a virus-infected email message from you but you did not send an email message to them, you should think of Email Spoofing as the likely culprit. Someone else’s computer may be sending those messages and just making it appear as though you are the sender.
For more information about Email Spoofing or ways to protect your business from computer viruses, please contact us.