{"id":2267,"date":"2025-08-20T17:41:55","date_gmt":"2025-08-20T17:41:55","guid":{"rendered":"https:\/\/blogs.luc.edu\/uiso\/?p=2267"},"modified":"2025-08-20T17:41:55","modified_gmt":"2025-08-20T17:41:55","slug":"emails-from-myself-lets-talk-about-spoofed-addresses","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/uiso\/emails-from-myself-lets-talk-about-spoofed-addresses\/","title":{"rendered":"Emails from Myself? Let\u2019s Talk About Spoofed Addresses"},"content":{"rendered":"

Introduction<\/span><\/b>
\nSecurity threats are always evolving and finding new ways to manipulate our trust. One confusing and increasingly common issue we have been noticing at Loyola is receiving suspicious emails that appear to come from your own address. If you\u2019ve ever wondered, \u201cDid I really send that email?\u201d or \u201cIs someone else using my account?\u201d You are not alone. This tactic is called email spoofing, and while it can be alarming, it doesn\u2019t always mean your account has been hacked. Here\u2019s what spoofing is, how it works, and what you can do to protect yourself.<\/span>\u00a0<\/span><\/p>\n

What is Spoofing?<\/span><\/b>
\nEmail spoofing occurs when someone sends an email that appears to come from a trusted sender but is actually forged. The sender\u2019s address in the email header is manipulated to look like it came from you or someone you know. The goal is to trick recipients into a false sense of security, hoping they will open the message, click on harmful links, and share sensitive information.<\/span>\u00a0<\/span><\/p>\n

How is it Done?<\/span><\/b>
\nSpoofing takes advantage of weaknesses in the way email systems verify the sender. Attackers exploit Simple Mail Transfer Protocol (SMTP), which is the basic system that moves emails around. When an email is sent, the \u201cFrom\u201d address can be altered without the receiving server checking if it is legitimate. Attackers use this to make the email appear as though it came from any address they choose.<\/span>\u00a0<\/span><\/p>\n

Misspellings versus Forged Addresses<\/span><\/b>
\nSometimes scammers create email addresses that look very similar to real ones by making small changes. For example, they might replace the letter \u201ci\u201d with the number \u201c1.\u201d This is different from spoofing where the attacker directly forges your exact email address. Both techniques aim to deceive you but work in slightly different ways. Spoofing tends to have a higher phish rate, as it is more accurate and realistic looking than misspelled addresses.<\/span>\u00a0<\/span><\/p>\n

Is Someone in My Account?<\/span><\/b>
\nNot necessarily. Spoofing can happen without anyone accessing your account. However, it is smart to check your email account activity and sent messages for anything unusual. If you find suspicious activity and believe your account is compromised, change your password immediately, inform UISO, and enable multi-factor authentication to protect your account.<\/span>\u00a0<\/span><\/p>\n

What to Do With Spoofed Messages?<\/span><\/b>\u00a0<\/span><\/p>\n

Spoofed emails can look convincing, but it is crucial to avoid engaging with them entirely. Here\u2019s how to handle them:<\/span>\u00a0<\/span><\/p>\n