We have all gotten that email, at first glance, something looks off. You might not know exactly what it is, but the logo looks a little funny, a bit pixilated or maybe it says something you don’t recognize and to top it off, you don’t do business with that company or perhaps you just paid your bill so why would you receive another email from them? Whatever it is, something makes you question where the email came from. These are the tell–all signs of a spoofing email.

A spoofing email can be defined as an email forgery, where the e-mail header of the message appears to have originated from someone or somewhere other than the actual source. Un-trust worthy distributors will send these spammy emails with hopes that recipients will unknowingly open and respond with crucial information. Sometimes the senders are just phishing for information, other times they may be more malicious in nature and can cause serious problems and security risks.

Most phishing, spoofing emails are usually just annoying clutter in your in box and they require no special treatment other than deleting the email. However, the more malicious varieties can really pose serious risks, once interaction takes place. Recently, companies like The Bank of America, eBay, and Wells Fargo, are among some of the companies who where spoofed in mass spam mailings. Recipients report emails coming from someone in a position of authority, asking for sensitive data, such as password, credit card numbers, or other personal information – any of which can be used for a variety of criminal purposes.

Often times these malicious emails are pretty easy to spot, but it is a good practice to be vigilant at all times and never let your guard down. On many occasions, spoofed e-mail senders insert commands in headers that may alter the message information or they may send a message that appears to be from anyone, anywhere, saying anything they want. In cases with attached documents, they may contain macros that will not run by default when Word is opened. The recipient will need to enable macros to get the malicious code to run. Opening, clicking and downloading from one of these emails which may prompt you to run macros, or enable content, in a file received from the Internet (Word, Excel, PowerPoint, etc.) could lead to a disastrous outcome. So your best bet if you see something phishy, is don’t open it. Definitely don’t download or enable anything. Just delete the email and let your IT department know that the file was delivered to you so they can find out why it wasn’t blocked by the security they have in place.

According to Return Path Blog There are a few things you can do to help identify these suspicious emails so you never fall victim to these untrustworthy distributors. If you notice misspellings, strange or misleading subject lines, or simply something weird about the display name, trust your instincts and don’t open the email.