What Is Email Spoofing

This article discusses the definition of email spoofing, instances of email spoofing and how it operates, data on email spoofing and phishing, safeguarding yourself from email spoofing, some practical facts about how it works, harmful uses of spoofing, the difference between email spoofing, spam, and email phishing, and the consequence of email spoofing on mail servers.

Meaning Of Email Spoofing

Email spoofing is the technique of forging email addresses in such a way that the receiver trusts the message, believing it came from someone they actually know or trust. The technique is typically used by spammers and phishers. The sender usually forges the display name so that the receiver believes it to be real, and the display name is taken at face value because most receivers don’t bother to check the actual email address.

If the receiver closely checks the display name, which doesn’t happen most of the time, they might notice that it’s a forgery. If it’s a recognized name, they’ll likely open the mail and end up opening malicious links or even granting access to sensitive information.

The entire process of spoofing emails is possible because of the design of the email system. The client application assigns the sender address to outgoing messages, but outgoing email servers cannot tell whether that address is legitimate or not. Although anti-malware software and the recipient server can help in detecting spoofed mails, not every email service has security protocols in place. Users, for their part, can examine the email display name by checking it against the actual email address to determine whether the message is falsified; in most spoofing cases the two don’t match.

However, email spoofing is not a recent phenomenon. It started with spammers trying to get around email filters and has been around since the early 1970s. Its popularity increased throughout the 1990s, and it was identified as a serious cybersecurity issue during the 2000s and remains one to date. In 2014, with the introduction of some security protocols, spoofed emails began to be rejected or sent to the spam folder.

Instances of Email Spoofing and how it operates

The intention of those engaged in email spoofing is usually to exploit the trust the receiver has in the email header and ask them to either take further action or divulge sensitive information. For instance, a user might receive a mail seemingly sent from PayPal asking them to click a link to authenticate their account by changing its password or risk having their account suspended. If that user follows the mail content and types in their details, the attacker now has access to the user’s PayPal account and can steal from the user.

Finance employees are often victims of more advanced attacks that use social engineering and online reconnaissance to trick them into transferring money into the sender’s bank account. To the user, the email seems legitimate, and most attackers use elements from an official website to make it more believable. An example of email spoofing with a PayPal phishing attack is below.


With a typical email client like Microsoft Outlook, when a user sends a new email, the sender address is filled in automatically. Even so, an attacker can use a basic script in any programming language to set the sender address of a message to any email address of their choice. Email API endpoints permit a sender to name a sender address irrespective of whether such an address exists. As a result, outgoing email servers cannot determine the legitimacy of the sender’s address.

Outgoing emails are retrieved and routed using the Simple Mail Transfer Protocol (SMTP). When ‘send’ is clicked by a user, the message is first sent to the outgoing SMTP server set up in the client software, which then identifies the receiver’s domain and passes the message to that domain’s email server. The message is then delivered to the right user inbox.

The email headers contain the IP address of each server an email message passes through as it moves across the internet. The headers reveal the true route and sender, which many users don’t check before communicating with a sender. The three main elements of an email are:

  • The sender’s address
  • The receiver’s address
  • The body of the mail.

The Reply-To field is another element used in phishing. It is set by the sender and is exploited in phishing attacks. This field tells the client email software where to send a reply, which can differ from the sender’s address. Once again, SMTP and email servers do not confirm the legitimacy of this address; it is up to the user to realize that the reply is going to the wrong address.


As an example, assume a user receives an email allegedly sent from Elon Musk with the email address e.musk@tesla.com. There are two sections in this email header to examine: the Received section and the Received-SPF section. The first clue that it’s a case of email spoofing is in the Received section, which reveals that the email was handled by the email server email.random-comoany.nl. The Received-SPF section is the best field to check, as in this case it has a ‘Fail’ status.

SPF (Sender Policy Framework), a security protocol standardized in 2014, works together with DMARC (Domain-based Message Authentication, Reporting, and Conformance) to stop phishing and malware attacks.

SPF has become popular among most email services because it helps fight phishing by detecting spoofed emails. It is the responsibility of the domain holder to use SPF by first configuring a DNS TXT entry listing all IP addresses allowed to send emails on behalf of the domain. With this configuration, when a message is received, the receiving email server can look up the sending IP address and make sure it matches the email domain’s permitted IP addresses. When it matches, the Received-SPF field shows a ‘Pass’ status, and a ‘Fail’ status if it doesn’t. Receivers should make a point of checking this status whenever an email with links or attachments is received.
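The following added example (not code from the article) shows the check a receiving server performs: it evaluates a constructed SPF TXT record against the connecting IP address and renders the Received-SPF header the user is told to look for. Only the ip4/ip6 mechanisms and the ‘all’ catch-all are implemented; the record, IP addresses and domain are assumptions.

```python
import ipaddress

# Constructed sample record (not from the article): the domain owner lists the
# IPv4 /24 and IPv6 /32 ranges allowed to send mail and hard-fails all others.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefixes and the result each one yields when its term matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate an SPF TXT record against the IP that connected to our server.

    Only the ip4/ip6 mechanisms and the 'all' catch-all are implemented here;
    the real protocol (RFC 7208) also has a, mx, include and redirect, which
    need live DNS lookups. Anything else is reported as 'unsupported'.
    """
    if not record.lower().startswith("v=spf1"):
        return "none"  # no SPF policy published for the domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass' if it matches
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all: usually '-all' or '~all'
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix in the record
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        return "unsupported"  # a, mx, include, exists, redirect, ...
    return "neutral"  # every term was evaluated and none matched


def received_spf_header(record, sender_ip, domain):
    """Render the Received-SPF header a receiving server would add, so the
    reader sees the 'pass'/'fail' status the article tells users to check."""
    result = evaluate_spf(record, sender_ip)
    return f"Received-SPF: {result} ({domain}: sender IP {sender_ip}) client-ip={sender_ip}"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "2001:db8:1::5"):
        print(received_spf_header(SPF_RECORD, ip, "example.com"))
```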

Data on Email Spoofing And phishing

Having SPF and DMARC configured will automatically reject, or divert to the spam folder, any email that fails validation. Attacks target both people and businesses, and one successfully tricked user can lead to the theft of money and credentials.

With virtually the whole world making use of email services, it’s no surprise that email has become one of the most serious cybersecurity issues. Consider the following statistics.

  • More than 90% of cyber-attacks begin with an email message
  • The average scam tricked users out of $75,000
  • About 3.1 billion domain spoofing emails are sent per day
  • In 2019, of the 467,000 successful cyber-attacks, 24% were email-based, according to the FBI
  • Since 2016, the worldwide cost of email spoofing and phishing has been an estimated $26 billion.

CEO fraud, also known as business email compromise (BEC), is a popular attack that uses email spoofing. In BEC, the sender’s email address is spoofed to impersonate the owner of a business. Employees in the finance and accounting departments are the usual targets of attacks like this. Even careful employees fall victim to this attack, especially when they believe the request came from senior staff or a person of authority. Some high-profile examples of phishing scams are highlighted below:

  • Tricked into transferring $3 million to a Chinese account, Mattel was lucky enough to get the money back when the cheated financial executive was able to confirm that the email wasn’t from Christopher Sinclair, the CEO
  • The Crelan bank in Belgium was conned into sending attackers €70 million
  • Claiming to be Steve Kanellakos, the city manager, attackers conned the Canadian city treasurer into sending $98,000 of taxpayer funds.

Safeguarding yourself from Email Spoofing

With email security in place, some malicious messages still manage to reach users’ inboxes. Irrespective of your role at work, here are some steps to take to avoid becoming a victim of email spoofing:

  1. Chances are the text of a spoofed email has already been reported and published online. To check, copy the content of the email message and search for it online.
  2. Avoid opening attachments from unknown senders.
  3. Never click on a link to access a website seeking authentication. Always type the official domain in your browser and authenticate directly.
  4. Beware of emails with grammatical errors that claim to come from an official source.
  5. Since the steps to view email headers are different for each email client, first search for how to view email headers in your inbox software. Then look for the Received-SPF section in the email headers and check whether the validation response is pass or fail.
  6. Be suspicious of emails that create a sense of urgency. Most BEC and phishing attacks try to create a scenario in which failing to follow the email’s instructions immediately will have repercussions. Treat emails with links with caution if they warn of pending account closures or suspicious activity on your financial accounts. Visit the appropriate website directly through your browser rather than through the link.
  7. Any email that promises something unrealistic or too good to be true is most likely not true.


Spam and phishing emails can use spoofing to trick recipients because the original transmission protocols lack built-in authentication mechanisms. Recent measures have made spoofing from internet sources more difficult but have not eliminated it. Few internal networks have defenses against a spoofed email sent from a colleague’s computer that has been compromised on the network. While individuals deceived by spoofed emails may suffer serious financial losses, businesses tend to experience more compound losses because email spoofing is one of the primary methods used to deliver ransomware.

Here are some practical facts about how it works

The initial SMTP (Simple Mail Transfer Protocol) connection provides two types of address information:

  • MAIL FROM: this is usually presented to the receiver as the Return-Path header. Since it is not visible to the end user, no check is made that the sending system is authorized to send on behalf of that address.
  • RCPT TO: this specifies the email address to which the message is to be delivered. Although it is not normally visible to the end user, it may be present in the headers as part of the Received header.

Together, these two addresses are the “envelope”, by analogy with a traditional paper envelope. Unless the receiving email server signals that a problem was detected with either address, the sending system sends the DATA command, followed by several header items:

  • From: John Q Doe <johnqdoe@example.com> – this is the address visible to the recipient, but no automatic check confirms that the sending system is authorized to send a message on behalf of that address
  • Reply-To: Jane Doe <janedoe@example.com> – this is also not checked


Sometimes this header is also transmitted:

  • Sender: Yin Yo <yinyo@example.com> – this is also not checked.

The result is that the email recipient sees the mail as coming from the address in the From header. They may be able to find the MAIL FROM address, and if they reply to the mail, the reply is sent to the address given in the From or Reply-To header. None of these addresses is necessarily reliable, so automatic bounce messages may be generated.
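As an added example (not from the article), the following script applies the checks described above to a constructed message: it compares the domain of the envelope sender (recorded as Return-Path), Reply-To and Sender against the visible From header, and reads the result the receiving server wrote into Received-SPF. The messages, addresses and IP address are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): the receiving server recorded the
# envelope MAIL FROM as Return-Path and added a Received-SPF result; the visible
# From: claims example.com while Return-Path and Reply-To point elsewhere.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: fail (example.com does not designate 203.0.113.7) client-ip=203.0.113.7
From: John Q Doe <johnqdoe@example.com>
Reply-To: Jane Doe <janedoe@attacker.example>
Sender: Yin Yo <yinyo@example.com>
To: victim@example.com
Subject: Urgent: confirm your account

Please confirm your account at the link below.
"""

# Constructed message where every address agrees and SPF passed.
CLEAN_MESSAGE = """\
Return-Path: <johnqdoe@example.com>
Received-SPF: pass (example.com designates 203.0.113.7) client-ip=203.0.113.7
From: John Q Doe <johnqdoe@example.com>
To: victim@example.com
Subject: Lunch

See you at noon.
"""


def domain_of(header_value):
    """Return the lowercase domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message):
    """Compare the envelope and header addresses and return a list of findings;
    an empty list means nothing looked off."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # Return-Path is the envelope MAIL FROM; Reply-To and Sender are
    # sender-controlled headers that SMTP never verifies.
    for header in ("Return-Path", "Reply-To", "Sender"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} != From domain {from_domain}")
    # The first token of Received-SPF is the result the receiving server computed.
    spf_result = (msg["Received-SPF"] or "").split(" ", 1)[0].lower()
    if spf_result and spf_result != "pass":
        findings.append(f"Received-SPF result is {spf_result}")
    return findings
```

A mismatch is only an indicator: legitimate mailing-list and ticketing traffic also sets Return-Path and Sender to other domains, which is why the Received-SPF result carries the most weight.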

Although email spoofing effectively forges the email address, the IP address of the computer the mail was sent from can be identified from the ‘Received’ line in the email header. In malicious cases, however, that IP address is probably the computer of an innocent third party infected with malware.

Harmful Uses Of Spoofing

BEC and phishing scams usually involve an element of email spoofing.

Some public incidents with major business and financial consequences are attributed to email spoofing. In October 2013, an email spoofed to look as though it was sent from Fingerprint Cards, a Swedish company, was received by a news agency, stating that Samsung had offered to buy the company. The news spread like wildfire and the share price increased by 50%.

Modern malware such as Klez and Sober tends to search for email addresses on the infected computer. The addresses serve both as targets and as trustworthy addresses for the From fields of the emails it sends, to increase the probability of the mail being opened. For instance:

  1. Mary receives an infected email, which she opens, thereby running the worm code.
  2. The worm code goes into Mary’s email address book and finds the addresses of Liam and Peter.
  3. From Mary’s computer, the worm sends an infected email to Liam that is spoofed so it appears to him to have been sent from Peter.

In this scenario, even if Liam’s email software identifies the incoming mail as malware, the fact that it appears to come from Peter, even though it’s actually from Mary’s computer, makes him trust it. Meanwhile, Mary may remain oblivious to the fact that her computer is infected, and Peter isn’t aware of it either unless he receives an error message from Liam.

What’s the difference between Email Spoofing, Spam, and Email Phishing?

The significant difference between a spam message and a spoofed message is that only spoofed messages contain forged email headers pretending to be from someone else. The objective of both phishing and spoofed emails is to trick the recipient into believing the message is from a legitimate sender. However, while compromising personal and financial information is the main intent of the phisher, spoofing emails is just one way of achieving this.

Legitimate Uses of Email Spoofing

‘Legitimately spoofed’ email was common in the early days of the internet. A user might, for instance, use the SMTP server of a local organization to send mail from the user’s address at another organization. This was a popular practice because most servers were configured as open relays. This type of legitimate use declined as spam became a problem.

Another example of legitimate spoofing is a customer relationship management (CRM) system that receives mail from a website and has to create a profile for the email address associated with the new contact in order to log the incoming mail. The system creates profiles using the sender of the email, so the website dispatches an outgoing email that is spoofed to look as if it comes from the submitter, with their name and email address as the sender’s name and address. The system then logs it as configured.

Spoofing sometimes helps to ease communication when multiple software systems need to interact with each other through email. It is useful where an email address is configured to automatically forward incoming emails to a system that only accepts emails from the forwarder. This arrangement is common among ticketing systems that communicate with each other.

The consequence of email spoofing on mail servers

Normally, a Non-Delivery Report (NDR) or bounce message is sent if a mail server receives a mail item it couldn’t deliver or has quarantined for any reason. This report is sent to the ‘Mail From’ address, which is the return path. With forged addresses on the rise, the practice of generating NDRs for detected spam and viruses is now deprecated, and rejecting the email during the SMTP transaction is the accepted approach. When mail administrators fail to follow this approach, their systems end up sending backscatter emails to innocent parties.

Possible Solutions

While the SSL/TLS system used to encrypt server-to-server mail traffic can also be employed for authentication, in reality it is rarely used for that purpose, and a range of other proposed solutions have failed to work well.

However, some defensive systems are now in use. They include:

  • SPF (Sender Policy Framework): an email authentication method designed to detect forged sender addresses during the delivery of the email
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): an email authentication method designed to give email domain owners the power to protect their domain from spoofed emails. The primary aim of implementing DMARC is to protect a domain from being used in BEC attacks, phishing emails, and other cyber threat activities.
  • DKIM (DomainKeys Identified Mail): an email authentication method designed to detect forged email sender addresses.

Proper configuration of these higher standards of authentication is needed on the sending domains, the mail servers, and the receiving system to successfully stop spoofed emails from being delivered. Although these systems are increasingly being used, estimates of the number of emails having no form of authentication were low. Because of this, receiving mail systems generally have a lot of settings to configure as to how they treat poorly-configured emails.

The BEC attacks

BEC (business email compromise) attacks use email fraud to attack government and non-profit organizations, affecting them negatively. A business breached by a spoofed email can suffer additional financial and reputational damage.

Usually, attackers target specific roles within an organization. They send a spoofed email seemingly sent by a senior colleague in the organization or by a trusted customer. This type of attack, also known as spear phishing, issues orders such as payment approvals, with the emails using social engineering to make the victims fall for the trick.

The global financial impact of email spoofing is very large, with the United States’ Federal Bureau of Investigation recording about $26 billion in US and international losses relating to BEC attacks between June 2016 and July 2019.
