Q: I thought you had a contact about how to unspoof (spoofed emails from myself). I want it gone. If I have to close the account I will. ~Janet
Tech+ If you’re getting spoofed emails from yourself, you can stop yourself from seeing them. But there is little you can do to prevent the spoofer from sending them. That’s because there’s no way to learn ahead of time when a stranger is randomly — or maliciously — forging your address as the sender’s address. Email wasn’t built to make sure the person sending the message is who they say they are. And that’s created a headache for billions of innocent email users out there.
I’m just the messenger of course. So I reached out to Amy Wiley, vice president of engineering services at Webroot, the Broomfield cybersecurity company that sells SecureAnywhere antivirus software.
First, Wiley shared her own research. Approximately, 1.38 million new and unique phishing sites are created each month. Those are sites pretending to be, for example, your bank so when you get an email saying your bank needs to verify something, you wind up at the fake site and type in your real account number. Also, Webroot found that 93 percent of phishing emails result in ransomware, or nasty software that will hijack your computer or data until you pay a fee.
“Unfortunately, there is no silver bullet to stop spam or phishing emails,” Wiley said. “Even if you block a particular email address, criminals can spin up additional accounts or obfuscate the IP address to make it look like the message is coming from somewhere safe.”
But we are not doomed. We just need to get smarter. Wiley offered several tips aimed at protecting your devices and your digital life:
- Run an up-to-date antivirus solution – Running antivirus on your devices helps protect you from the mass of attacks.
- Don’t open or click on emails from unknown senders. Set your email junk filter to a high setting.
- Scrutinize email addresses and URLs, and hover before you click. Criminals are famous for switching a letter or two in a trusted name to get you to click.
- If it sounds too good to be true, it probably is. You aren’t going to win a random gift card or prize for something you did not sign up to enter.
- Be particularly careful when viewing emails on smartphones as phishing indicators can be more difficult to identify.
- Do the basics – keep your machine updated, back up your information and use a strong passphrase – all of these actions make it easier to recover if you do click on a malicious link.
My additional advice is to also report it to your internet service provider. They have more time and tools to do more research and may be able to block messages from the IP address. Of course, the IP address can be spoofed. But ISPs are constantly fighting this too. If you have phishing, spoofing or malware issues, contact your ISP:
- Comcast: constantguard.xfinity.com/help/report-abuse/
- CenturyLink: Email [email protected] ; also offers tips for spoofed phone numbers and advises customers to call CenturyLink Annoyance Call Bureau at 800-582-0655.
You can also report spam, phishing, spoofing and other email annoyances to these sources:
- U.S. Federal Communications Commission: consumercomplaints.fcc.gov or 888-225-5322
- U.S. Federal Trade Commission: Forward phishing emails to [email protected]; file a complaint at ftccomplaintassistant.gov; or read more at consumer.ftc.gov/articles/0003-phishing
- Anti-Phishing Working Group: An international coalition fighting cybercrime wants your phishing mail to help analyze the problem. Details at apwg.org/report-phishing
- Colorado Attorney General: Report fraud, like phishing mails, at stopfraudcolorado.gov/fraud-center/digital-fraud
Lastly, consider a new email address. Use a free account, such as Gmail, to create a throwaway email address that can be used for marketing and sharing publicly. And try to keep your own email limited to sensible friends and family. And as a blast from the past, here are some old Tech+ Q&As that also might help in your quest to rid yourself of spoofed and unwanted email:
- How to stop spam from getting to my spam folder?
- Suspicious e-mail activity solved, but how to prevent it?
- When Do Not Call doesn’t seem to work, here’s how to avoid scammers, spammers and robocallers
- End of phishing and spoofing near with new e-mail tool
Miss a week? Then subscribe to the Tech+ newsletter and get this week’s question and future ones delivered to your inbox. Sign up, see past Tech+ answers or ask your own tech question at dpo.st/mailbag. If you’re emailing your question, PLEASE add “Mailbag” to the subject line.