It’s always something —
Whether it’s someone trying to convince you that hotel rooms at the EMDA convention are almost gone, or yet another email ‘advertising’ the availability of attendee lists, they’re ALL scams. Now we’re adding “Email Spoofing” to our list of warnings.
Last Tuesday, several members received what looked to be an email from EMDA supposedly informing them of a mandatory requirement for members to update membership information on a new platform.
While staff is working on adding a member-only section to the EMDA web site, we do not have a “new requirement and platform” as noted in the scam email.
My first thought when I learned about the emails was that I’d been hacked. What I subsequently learned is that my email had actually been “spoofed.” In general terms, if you’ve been hacked you’re very likely not able to access your email account. Another clue: If you have email in your Sent folder that you did NOT send: Your account has been compromised (hacked). But that’s not what happened to EMDA.
Spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it. If you DO NOT find any strange email in your Sent Folder: Your account has most likely been spoofed. This is what happened to EMDA.
So what can you do about email spoofing?
The short answer is, not much. There are no definitive ways to prevent someone from harvesting your email address from the internet somewhere and using it for spam (EMDA’s web site does list emails, but they are obscured with ROT13 encoding). One thing that usually makes it much more difficult for someone to spoof your email is the SPF standard – “Sender Policy Framework.” SPF enables a domain to specify which servers may send emails on its behalf. EMDA’s web domain has always had the SPF standard enabled, but sometimes receiving servers ignore the SPF settings. In light of this latest spoofing, I’ve tightened up some of the SPF parameters.
In any case, here are a few tips to consider if you receive any more spoofed EMDA email:
- Check the From: field – it should say “EMDA/Patricia A. Collins”
- Check for spelling errors – e.g., “their” instead of “there”, or even not capitalizing the letters of the association name
- General vagueness or bad syntax – e.g., Dear “members and friends”, or “inform that our new requirement and platform”
- Check the To: field – in the copies of the spoof email members sent to me, none of them had the correct To: email address
When in doubt, if an email from EMDA looks at all suspicious, just call or send an email to me.