April 12, 2017, by Aleisha Turner

Spoofed email addresses

Reports of ‘Spoofed’ email addresses

Information Services has recently received reports of ‘spoofed’ email addresses being used to gain confidential information from members of staff.

Read more about recent phishing attacks to University email.

What are Spoofed email addresses?
A spoofed email address appears to be registered to an individual who works for the University, usually someone senior, but is not. In the reports we’ve had, an unknown individual set up an email address with aol.com which appeared to be from the Service Manager, Sam Passingham. The name in the “from” field in the email was “Sam Passingham” however the actual sender email address was: quickreply92873@aol.com.

Can Information Services block all emails from spoofed email addresses?
In order to block spoofed emails, we need to block the domain the email is sent from. In the example above, the domain is aol.com. Any individual with malicious intent can set up a spoof email address with known providers such as aol, google, hotmail etc. To block spoof emails, IS would have to block all emails coming from commonly used email providers. This could have a significant impact on collaboration with colleagues outside of the nottingham.ac.uk network.

How to spot Spoofed email addresses
Your Outlook Inbox displays the ‘from’ name rather than the ‘from’ email address. When you open the email in a new window you will see the email header. This is where the ‘from’ email address is displayed as highlighted below:

The email message is likely to be short, and ask a simple question in order to prompt an email exchange during which more detailed information can be obtained. This type of email fraud is considered ’social engineering’. Typically these messages contain poor spelling, grammar and punctuation as highlighted in the image below.

What to do if you have received an email from a spoofed address
If you receive a suspected spoof email, never reply or click on any links within the email. Forward the email to the itservicedesk@nottingham.ac.uk in order that Information Services can investigate.

Information Services will never ask for your username and password via email. More information on email security can be found on our Cyber security webpages.

Posted in Cyber Security