2002 Tech Tip: Spoofed/Forged Email

Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to originate from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:

• email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this and
• email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.

If, after investigating the activity, you find that there is more to the incident than spoofed email (such as a compromise at your site or another site), this tech tip includes additional security measure that you can take.