Did anyone ever send you an email with another email attached to it?
It’s a pretty common business practice – and a perfectly legitimate one. For example, you may want to fill your colleague in on the background to a project, or discuss an email sent by another colleague. And attaching the email means it’s the original conversation rather a forwarded email that might have been edited before sending. So, you can trust the attachment. Right?
You may want to think again.
Example Fake Email
Here is a fake email I prepared earlier. Hint: click the image to see a larger version.
As you can see from the image:
- It was sent on Tuesday 28th July 2015 at 11.51. Wrong: I sent it a few days ago (late October 2015).
- It was sent to email address: email@example.com. Wrong: It was sent to a completely different email address.
- It was sent from firstname.lastname@example.org. Wrong: It was sent from one of my own email addresses. I did not have time to fake this, so I redacted my email address. But please take my word for it as an IT professional that this could have been faked too.
I promise that aside from the redaction, the image shows exactly what appears on my email reader (Outlook).
How to Tell It’s a Fake
There is no way of telling that the date is a fake from the email. You can check the email address though. What appears in the To box is just a piece of text even though it looks like an email address. Do not trust what appears there.
Click the recipient in the To box to get to the contact information. This reveals that the real email address is IMCEAINVALID-man+40onthemoon+2Ecom@nonsense.com. The dodgy format of this email address guarantees that it’s never going to be delivered anywhere.
Even better, there is a known Outlook bug that can cause emails addresses to become corrupted – and the corrupted addresses begin with IMCEAINVALID, so even if you discovered the discrepancy it would look like it was accidental.
Why Might Someone Fake an Email?
The above example is a frivolous one. Nobody really thinks Santa Claus emailed the man in the moon in July to ask for help with the Christmas presents.
But here are 2 situations where the implications of a faked email might be more serious:
- If you asked a company or organisation for a copy of an email as evidence. E.g. if an organisation claimed they had sent you an email that you did not receive, you might ask them to attach a copy to prove they had sent it. Whilst you would not expect any reputable organisation to fake an email, a less-than-honest employee might resort to doing so in order to cover up that they forgot to email you – rather than just owning up to their mistake.
- Scammers could use a fake email to try and get you to part with your money. Already there are plenty of scam emails in circulation that claim to come from banks, the DVLA, HMRC, etc. that try to fool you into parting with login details or clicking a link that installs a virus. A variation on that them is that a scammer could pose as a third party supposedly employed by (e.g.) your bank to act on their behalf. Attached to their email as “proof” could be a very convincing but entirely fake email from your bank authorising them carry out work for them.
The safest way to protect yourself is to assume what you see may not be genuine. If in doubt, you can always ring your bank on the number they publish on their website and check whether they sent you the email or authorised another party to act for them.