If you become alerted by a colleague, friend, or family member that they received an email from you that you did NOT send or you receive an email from someone that they did not send, you may be the victim of email spoofing. This is a method in which the sender creates an email that appears to be from one address but the "reply to" address is actually the spoofer.
These emails may appear to be legitimate; however, upon further inspection, it is clear they are not.
You may notice the sender appears to be someone you know, even your boss. But it is important to check the reply-to information as well.
Click the dropdown arrow next to the receiver.
Here, you will find the reply-to information. Often in a spoofed email, this information does not match the sender's "from" email.
Steps to Take if You Receive a Spoofed Email
- If you receive one of these messages, report it as Spam.
- If the sender is attempting to solicit information from you, report it as Phishing.
- Most importantly, do NOT respond to, open attachments, or click on any link within an email you were not expecting to receive. Always confirm the validity of the sender prior to opening an attachment or clicking any link.
For more information about spoofing, please read this article from Google Support: Someone is sending emails from a spoofed address.