Scammers deliver unwanted lesson in spoofing, phishing

If the scammers keep this up, January will go down as the month when many of us at UC Davis learned the difference between phishing and spoofing, whether we wanted to or not.

The campus has seen plenty of each type of email fraud lately, but the phishing is worse than the spoofing, and knowing how to tell them apart will help you know how to respond. An FAQ can help you learn the difference.

Phishing happens when a scammer, pretending to be legitimate, emails you a message asking for your account log-in name and password. If you comply, the scammer will use your account to spew spam to other email accounts. UC Davis has weathered several rashes of phishing this month, leading to gushers of spam that prompted some Internet service providers (Hotmail, AT&T, etc.) to temporarily block email from all ucdavis.edu email accounts as suspect.

Spoofing happens when a scammer sends an email and inserts an "@ucdavis.edu" address in the From line. He doesn't have access to that account, any more than he gets access to the White House by scribbling "1600 Pennsylvania Ave." as the return address on an envelope. He's appropriating the ucdavis.edu address because a ucdavis.edu From line will seem legitimate--and might help the message dodge a few spam filters.

In other words, spoofers do not have access to the ucdavis.edu email account they're citing. They just claim to have access.

Spoofing is alarming, especially when your email address turns up in the From line and makes it look like you've sent spam. Spoofing is especially alarming when it coincides with phishing escapades, as it has this month, that lead to spam flowing from compromised ucdavis.edu accounts. Seeing a spoofed email message in your inbox might make you think your account has been compromised and is being used to send spam to colleagues, or even to yourself.

Spoofing doesn't even seem possible. How could someone insert a fake From line? Let's just say, it can be done.

The important message for your peace of mind is this: Unless you're seeing several spoofed messages in your email account each day, you probably don't need to worry. Also, if your account has been phished, it will probably be sending out so much spam that you clearly will have been phished--not just spoofed.

If you have any doubts, contact the IT Express Computing Services Help Desk at (530) 754-HELP (4357). They have fielded lots of calls this week, on this subject and others, so if they take a little longer to respond, please be patient. Information and Educational Technology is responding to the demand for information by creating other information resources--such as this article, and the FAQ cited above--that can help people understand what's happening on the UC Davis email fraud front.

But if you have questions and need help, call IT Express.

One other note: Phishing and spoofing can involve more than email. Spoofing is slang for any falsified information created to disguise the source of the deception; computer (IP) addresses, for example, can be spoofed. Phishing can occur by phone when, for instance, a scammer calls you and pretends to represent your bank and wants you to hand over account information.

But, back to email: When you get a phishing message, don't respond to it. Not even to insult the sender, because if you respond they'll know your account is active. Just delete the message. Same with spoofs. Then you're free to get on with your day.