How to Stop Spoofed Emails
Stopping spoofed emails is not within your individual control, but you can control your responses. Software is being developed continuously to combat spoofed emails. Frequently spoofed companies are working to combat them, too, and yet the criminals are staying one step ahead. Your best defenses are to safeguard your personal information, educate yourself about spoofed emails and report spoofed emails when you get them.
Begin by understanding what happens when an email spoofs a reputable company. Let's say someone wants to get personal information from customers of Wells Fargo. He creates an email that looks like it came from Wells Fargo. It contains the company's and logo and the general appearance of something you might see on the Wells Fargo website. The email might state that Wells Fargo needs to verify certain information in order to update your account records, or it needs to verify certain information for security purposes. It provides a link and asks you to confirm your account number, password or Social Security number. The criminal sends the email to a vast number of people, assuming that a certain percentage of those people are Wells Fargo customers and that a percentage of those customers will provide the information. Once you give your personal information, he can log into your account, pretending to be you, and steal your money. He may also steal your identity. But he doesn't have access to your account unless you give it to him. These spoofed emails are called "phishing" scams because the criminal is "fishing" for people who take their bait. Don't bite.
Learn to tell the difference between a real email from a reputable company and a spoofed email. If you receive an email asking you to provide or confirm personal information, look closely at three things. First, look at the "From" address on the email you receive. Anything to the right of the "@" symbol should be the name of the legitimate company. Second, if you click the link in the spoofed email, look at the URL address that appears in your browser window. Is it the same address as the legitimate address for that company's website? Third, pay attention to the language in the email. Phishing emails frequently originate from another country, and English is often a second language for the people who write them. The tone or usage may seem inconsistent with what you would expect to see from the legitimate company. Always be cautious about giving out personal information in response to an email. A good rule of thumb is to provide personal information only when you initiate the contact.
Forward any suspicious email to the legitimate company being spoofed. You should be able to find a link on the company's website to report fraud. Also, forward the suspicious email to the Federal Trade Commission. Then delete the email from your computer. The FTC email address to report suspicious emails is email@example.com.