  1. - Top - End - #1
    Troll in the Playground
     
    PaladinGuy

    Join Date
    Mar 2012
    Location
    UK
    Gender
    Male

    Hijacked Email Addresses

    As I think all of us know, email spammers often spoof the "From" address on an email to make it look legitimate; this is particularly used for sending fake invoices (either phishing or malware).

    Well I used to have a company (when I was an IT Contractor) and when I went back to being an employee I passed the company to my brother (who had just stopped being an employee) and he has just received an "undeliverable" message for a fake invoice from our company (I am still a director).

    So, is there anything one can do about someone spoofing your email address and sending invoices that purport to be from you?

    I rather think the answer is "no", but I also thought that the folks here will know if anyone does!

  2. - Top - End - #2
    Colossus in the Playground
     
    BlackDragon

    Join Date
    Feb 2007
    Location
    Manchester, UK
    Gender
    Male

    Re: Hijacked Email Addresses

    No, you can't. The thing that shows up in the "From" address in an e-mail is literally just a chunk of text in the e-mail header which can be set to literally anything the sender desires.

  3. - Top - End - #3
    Ettin in the Playground
     
    Kobold

    Join Date
    May 2009

    Re: Hijacked Email Addresses

    If you have your own domain and website, you can put up a public notice there saying "someone has been sending out fake invoices in our name, it's not us and there's nothing we can do to stop it, but this is how you can tell a real invoice, don't open any attachment that doesn't meet these rules."

    But that's about the only thing you can do.
    "None of us likes to be hated, none of us likes to be shunned. A natural result of these conditions is, that we consciously or unconsciously pay more attention to tuning our opinions to our neighbor’s pitch and preserving his approval than we do to examining the opinions searchingly and seeing to it that they are right and sound." - Mark Twain

  4. - Top - End - #4
    Troll in the Playground
     
    PaladinGuy

    Join Date
    Mar 2012
    Location
    UK
    Gender
    Male

    Re: Hijacked Email Addresses

    That's pretty much what we thought, but I felt it worth checking. Thanks guys for the confirmation.

  5. - Top - End - #5
    Firbolg in the Playground
     
    Vinyadan

    Join Date
    Nov 2009
    Gender
    Male

    Re: Hijacked Email Addresses

    Quote Originally Posted by veti
    If you have your own domain and website, you can put up a public notice there saying "someone has been sending out fake invoices in our name, it's not us and there's nothing we can do to stop it, but this is how you can tell a real invoice, don't open any attachment that doesn't meet these rules."

    But that's about the only thing you can do.
    I think I have recently seen this on the homepage of a large company. Maybe it was a smartphone manufacturer. Random people were receiving emails asking for CV, sent by someone pretending to be the company, or using a deceivingly similar company name. So they put up this banner.
    Quote Originally Posted by J.R.R. Tolkien, 1955
    I thought Tom Bombadil dreadful — but worse still was the announcer's preliminary remarks that Goldberry was his daughter (!), and that Willowman was an ally of Mordor (!!).

  6. - Top - End - #6
    Troll in the Playground
     
    PaladinGuy

    Join Date
    Mar 2012
    Location
    UK
    Gender
    Male

    Re: Hijacked Email Addresses

    As a simple Electrical Engineering contractor (which is what my brother is) the company doesn't have a web-page, but thanks for the suggestion.

  7. - Top - End - #7
    Orc in the Playground
     
    RedWizardGuy

    Join Date
    Feb 2016

    Re: Hijacked Email Addresses

    Quote Originally Posted by Khedrac
    So, is there anything one can do about someone spoofing your email address and sending invoices that purport to be from you?
    Creating an SPF record for your domain will take care of your obligation.
    It is up to the recipient to have a mail gateway that actually checks them.

    If you want to get a bit more secure, you can use DKIM/DMARC, but that's a bit more complicated.
    -
    What is dead may never die, but rises again, harder, stronger, in a later edition.
    -
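
An added example, not part of the original thread or any poster's own code: a small audit of the SPF and DMARC records mentioned in the post above. SPF covers only the envelope sender and DMARC is what ties the visible "From" header to it, so the check reads both record sets; all function names, domains and records are constructed for illustration.

```python
# Added example; all domains and records below are constructed samples, not real DNS data.
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_default_result(txt_records):
    """What SPF tells a receiver about mail from a server the domain did not list."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"            # no SPF record published
    if len(spf) > 1:
        return "permerror"       # RFC 7208: more than one record is an error
    terms = spf[0].split()[1:]
    for term in terms:
        qualifier, name = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if name.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect"        # result is decided by the target domain's record
    return "neutral"             # no "all" and no redirect: unmatched senders are neutral

def dmarc_policy(txt_records):
    """Return (policy, pct) from the TXT records at _dmarc.<domain>, or (None, 0)."""
    for record in txt_records:
        parts = (p.partition("=") for p in record.split(";"))
        tags = {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}
        policy = tags.get("p", "").lower()
        if tags.get("v") == "DMARC1" and policy in ("none", "quarantine", "reject"):
            return policy, int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    return None, 0

def audit(domain_txt, dmarc_txt):
    """Summarise how much protection the two record sets give against From spoofing."""
    spf, (policy, pct) = spf_default_result(domain_txt), dmarc_policy(dmarc_txt)
    findings = []
    if spf in ("none", "permerror"):
        findings.append("publish exactly one SPF record")
    elif spf == "redirect":
        findings.append("SPF uses redirect=; audit the target domain's record")
    elif spf != "fail":
        findings.append(f"SPF default is {spf}; only -all asks receivers to fail other senders")
    if policy is None:
        findings.append("no DMARC record, so the visible From header is unprotected")
    elif policy == "none":
        findings.append("DMARC p=none only requests reports; failing mail is still delivered")
    elif pct < 100:
        findings.append(f"DMARC policy applies to only {pct}% of failing mail")
    return {"spf": spf, "dmarc": policy, "findings": findings}

WEAK = audit(["v=spf1 include:_spf.mailhost.example ~all"], ["v=DMARC1; p=none"])
STRICT = audit(["v=spf1 mx -all"], ["v=DMARC1; p=reject; rua=mailto:reports@example.com"])
print(WEAK, STRICT, sep="\n")
```

To check a real domain, pass in the TXT strings returned for the domain itself and for `_dmarc.` plus the domain.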

  8. - Top - End - #8
    Troll in the Playground
    Join Date
    May 2007
    Gender
    Male

    Re: Hijacked Email Addresses

    If someone is distributing phony invoices for your brother's company, they may be preying on your customer base. His company must reach out to customers immediately and warn them about this scam. Change their email logo and graphics. Invite customers to contact them if they receive any suspicious communication, and ask them to forward anything questionable to you.

    Anyone invoicing these folks will provide a means to collect payment. Forward this to the FTC.

  9. - Top - End - #9
    Troll in the Playground
     
    PaladinGuy

    Join Date
    Mar 2012
    Location
    UK
    Gender
    Male

    Re: Hijacked Email Addresses

    Quote Originally Posted by Leewei
    If someone is distributing phony invoices for your brother's company, they may be preying on your customer base. His company must reach out to customers immediately and warn them about this scam. Change their email logo and graphics. Invite customers to contact them if they receive any suspicious communication, and ask them to forward anything questionable to you.

    Anyone invoicing these folks will provide a means to collect payment. Forward this to the FTC.
    Not that sort of company, and I think there is a good chance that the so-called "invoice" will be a ransomware app. My brother mainly invoiced the agency through which he worked as a contractor for another company; he just had a couple of other clients where he did work paid for directly (and it was the same when I was an IT contractor - that's how a lot of the contracting market works here in the UK).
