What is email spoofing?
Email spoofing is the act of sending emails with a forged sender address. It tricks the recipient into thinking that someone they know or trust sent them the email. Usually, it’s a tool of a phishing attack, designed to take over your online accounts, send malware, or steal funds.
Spoofed email messages are easy to make and easy to detect. However, more malicious and targeted varieties can cause significant problems and pose a huge security threat.
Reasons for email spoofing
The reasons for email spoofing are quite straightforward. Usually, the criminal has something malicious in mind, like stealing the private data of a company. Here are the most common reasons behind this malicious activity:
- Phishing. Almost universally, email spoofing is a gateway for phishing. Pretending to be someone the recipient knows is a tactic to get the person to click on malicious links or provide sensitive information.
- Identity theft. Pretending to be someone else can help a criminal gather more data on the victim (e.g. by asking for confidential information from financial or medical institutions).
- Avoiding spam filters. Frequent switching between email addresses can help spammers avoid being blacklisted.
- Anonymity. Sometimes, a fake email address is used to simply hide the sender’s true identity.
Dangers of email spoofing
Email spoofing is incredibly dangerous and damaging because it doesn’t need to compromise any account by bypassing security measures that most email providers now implement by default. It exploits the human factor, especially the fact that no person double-checks the header of every email that they receive. Besides, it’s incredibly easy for attackers and requires almost no technical know-how to do it on a basic level. Not to mention the fact that every mail server can be reconfigured to be identical or almost identical to slip by.
How do hackers spoof your email address?
Email spoofing is possible by forging email syntax in several methods of varying complexity. They also differ in which part of the email the attacker will be forging.
Here’s what variation you could encounter when surfing the web.
Spoofing via display name
Display name spoofing is a type of email spoofing, in which only the email sender’s display name is forged. Somebody can do this by registering a new Gmail account with the same name as the contact you want to impersonate. Mind you, the mailto: will display a different email address. If you’ve ever received an email from Jeff Bezos asking you to loan some money – you’ve encountered an example of spoofing via display name.
This type of email will also bypass all spoofing security countermeasures. It won’t get filtered out as spam, because it’s a legitimate email address. This exploits user interfaces built with ease of use in mind – most modern email client apps don’t show metadata. Hence, display name spoofing is very effective due to the prevalence of smartphone email apps. Often, they only have space for a display name.
IndicHosts.net recommends that organization adopts a policy to do-away with email’s display-name altogether, company wide.
Spoofing via legitimate domains
Suppose the attacker is aiming at higher believability. In that case, he may also use a trusted email address in the From header, such as “Customer Support Specialist” . This means both the display name and email address will show misleading information.
This attack doesn’t need to hijack the account or penetrate the targeted company’s internal network. It only uses compromised Simple Mail Transfer Protocol (SMTP) servers that permit connections without authentication and allow you to manually specify the “To” and “From” addresses. Using shodan.io, we can identify 6,000,000 SMTP servers, many of which are guaranteed to be vulnerable. Besides, the attacker can always set up a malicious SMTP server himself.
The situation is dire because many enterprise email domains aren’t using any countermeasures for verification. Still, there are some techniques that you could use to protect your domain – more on that later.
Spoofing via lookalike domains
Suppose a domain is protected, and domain spoofing isn’t possible. In that case, the attacker is most likely going to set up a lookalike domain. In this type of attack, the fraudster registers and uses a domain that is similar to the impersonated domain, e.g.”@doma1n.co” instead of”@domain.co”. This change could be minimal enough not to be noticed by an inattentive reader. It’s effective because when exactly was the last time you bothered to read an email header?
Using a very similar domain, which also bypasses spam checks due to being a legitimate mailbox, the attacker creates a sense of authority. It might be just enough to convince its victim to reveal their password, transfer money, or send some files. In all cases, email metadata investigation is the only way to confirm whether the message is genuine. However, it’s sometimes plain impossible to do on the go, especially with smaller smartphone screens.
How to stop email spoofing?
Emails are the lifelines of most businesses, but they’re also popular targets for cyber attackers. Business Email Compromise (BEC) and email spoofing are two terms you might hear often in cyber threat briefings. These tactics are getting smarter and more deceptive, but don’t worry – there are clear steps to protect your inbox.
1. Authenticate Your Emails:
- SPF, DKIM, and DMARC: Think of these as your email’s ID cards. They help confirm the email is coming from who it says it’s coming from. This can we enabled through your web hosting control panel or make a ticket for us to do it for you.
2. Knowledge is Power:
- Recognize the Red Flags: Be wary of unexpected emails, and hover over links to see their true destination.
- Double-Check Email Addresses: Even if an email’s name looks right, the actual address might give away a scam.
%22%20transform%3D%22matrix(6%200%200%206%203%203)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%23fff%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(55.11295%202.98481%20-4.29607%2079.3247%20122%20104.9)%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(172.9%20111.8%2046.6)%20scale(42.50188%20255.00001)%22%2F%3E%3Cpath%20d%3D%22M96-16L0%20192-16-16z%22%2F%3E%3Cellipse%20fill%3D%22%23fff%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(35.6377%201.11996%20-1.6594%2052.80267%20125.6%20104.3)%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-39.6284%2033.72641%20-159.6911%20-187.6364%20215.2%204.8)%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(15.32145%2031.36509%20-142.6484%2069.68196%2046.8%205.3)%22%2F%3E%3Cpath%20fill%3D%22%23757575%22%20d%3D%22M170.6%20162.8l-2.3%2044-106.9-5.6%202.3-44z%22%2F%3E%3Cpath%20fill%3D%22%233d3d3d%22%20d%3D%22M7.2%20236.6l-17.8-126.8%2059.4-8.4%2017.8%20126.8z%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-18.47084%20-84.86838%2031.5401%20-6.86442%20232.6%2024.5)%22%2F%3E%3Cellipse%20fill%3D%22%236a6a6a%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-17.28586%203.14373%20-11.75185%20-64.61772%20181.9%2082.2)%22%2F%3E%3Cellipse%20fill%3D%22%23878787%22%20cx%3D%2273%22%20cy%3D%2293%22%20rx%3D%2211%22%20ry%3D%2276%22%2F%3E%3Cpath%20fill%3D%22%237c7c7c%22%20d%3D%22M121%2019L66%2044l117-1z%22%2F%3E%3Cpath%20d%3D%22M-16%201l29%2084L64-8z%22%2F%3E%3Cpath%20fill%3D%22%231c1c1c%22%20d%3D%22M271%20185L222%2079l-60%20129z%22%2F%3E%3Cpath%20fill%3D%22%23898989%22%20d%3D%22M173.7%20176.2L53.2%20145.7l70.6%2062.3%2062-103.5z%22%2F%3E%3Cellipse%20fill%3D%22%233f3f3f%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(8.81093%203.41204%20-54.7788%20141.45538%2043.7%20102.5)%22%2F%3E%3Cellipse%20fill%3D%22%23dcdcdc%22%20cx%3D%22122%22%20cy%3D%22119%22%20rx%3D%2243%22%20ry%3D%2244%22%2F%3E%3Cpath%20fill%3D%22%23262626%22%20d%3D%22M137.9%2016.7l-40.2%201%2060-33.7%2051.8%2052.2z%22%2F%3E%3Cellipse%20fill%3D%22%23b3b3b3%22%20cx%3D%22160%22%20cy%3D%2286%22%20rx%3D%2211%22%20ry%3D%2249%22%2F%3E%3Cellipse%20fill%3D%22%23b3b3b3%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-.49605%2054.90253%20-11.02773%20-.09964%2089%2089.7)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
3. Upgrade Your Email Defenses:
- Invest in stronger email security. Some tools can analyze threats and even “sandbox” suspicious items to check them in a safe space.
- IndicHosts offers premium email filtering by SpamExperts to assist with your email defence strategy.
4. Two Steps are Better Than One: Multi-Factor Authentication (MFA) adds an extra layer of security. Even if someone knows your password, they won’t get very far without the second verification step. Upcoming version of cPanel now implements MFA for IndicHosts web hosting‘s webmail interface.
5. Back it Up: Regularly save important data. If a cyber attacker holds it hostage, you can bounce back without paying them off.
6. Communication Policies:
- Verify Big Requests: If someone asks for sensitive info or money, double-check with them through another method, like a phone call.
- Spot External Emails: Some businesses mark outside emails with tags like “[EXTERNAL]” to make them stand out.
7. If It Looks Fishy, Report It: Encourage your colleagues to speak up about strange emails. Everyone staying alert makes it harder for scammers to succeed.
8. Filter Content: Just like a coffee filter catches unwanted bits, content filters in your email system can weed out harmful content.
9. Stay Updated: Just as you’d update your smartphone, regularly updating and patching your email software keeps it secure against known threats.
10. Keep a Low Profile: Try not to splash individual email addresses all over the web. Instead, use general ones like “[email protected].”
11. Be Selective: Consider creating an email VIP list (whitelist) or a no-entry list (blacklist) to manage who can reach your inbox.
In conclusion, while technology can bolster our email defenses, the real power lies in being informed and vigilant. Regular training and a sharp eye can be your best shields against email threats. Stay safe and always be email-smart!