Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

White Paper

2002 Tech Tip: Spoofed/Forged Email

  • Abstract

    Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to originate from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

    Examples of spoofed email that could affect the security of your site include email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this and email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.

    If, after investigating the activity, you find that there is more to the incident than spoofed email (such as a compromise at your site or another site). This tech tip will help you know how to deal with it.

  • Download