Finding the Sender

The Tip

It’s actually rather trivial to fake a sender in an email phish, and easy to spot the simple attempts. In some cases, especially on a mobile device, it’s not always obvious that a ‘from’ address has been faked. Here’s how to check quickly.

The Detail

We’re not going to talk about some of the sophisticated methods that a from address might be faked in a phishing attempt, in this post. Let’s just discuss the simple and most common ones. These are the ones where the display name doesn’t match the actual address. This is the most common technique in low-level phishing attempts.

These are actually generally easy to spot in desktop email clients. You might see something like this in the ‘from’ field. 

From: Technology Services tech@fakedomain.com

We know by now to look at the address and see that it doesn’t match the name.

This gets a little harder on a mobile device though. Most mobile devices and even some desktop mail applications will just show the display name. This might be in an effort to conserve limited screen real estate, or it maybe just to keep things a little prettier looking. It does make it a little harder to spot the bad guys though.

This infographic illustrates how to check the actual email address in the default mail applications on iOS and Android phones. Although this is no guarantee that a more sophisticated sender-spoofing isn’t going on, it will expose most basic attempts.

InfoGraphic

If you have more questions about these topics, please contact UTS, and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.