Introduction
In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address.
SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address. In fact, all the would-be attacker needs is a tool for choosing in whose name the message will arrive. That can be another mail client or a special utility or script, of which there is no shortage online.
Email spoofing is used in both fraudulent schemes and targeted attacks against organizations. Cybercriminals use this technique to convince victims that a message came from a trusted sender and nudge them into performing a specific action, such as clicking a phishing link, transferring money, downloading a malicious file, etc. For added credibility, attackers can copy the design and style of a particular sender’s emails, stress the urgency of the task, and employ other social engineering techniques.
In some cases, fake emails form part of a multistage attack, the first phase of which requires no suspicious actions on the part of the victim. For examples of such attacks, see our article on corporate doxing.
Legitimate Domain Spoofing
The simplest form of the technique is legitimate domain spoofing. This involves inserting the domain of the organization being spoofed into the From header, making it extremely difficult for the user to distinguish a fake email from a real one.
To combat spoofing, several mail authentication methods have been create ..
Support the originator by clicking the read the rest link below.
