“Your PayPal account has been locked!”
“Confirm your Bank Information Now!”
“You’ve Received a Secure Fax From The IRS.”
Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
A number of measures to address spoofing are available including: SPF, Sender ID, DKIM, and DMARC. Although their use is increasing, it is likely that almost half of all domains still do not have such measures in place. Email spoofing, the process of sending emails designed to appear as if they were sent by another sender, is certainly not a new method of distributing malware that harvests personal information or financial data. Each year, potentially hundreds of new spoofing schemes appear, ranging from emails claiming to contain faxes from the IRS to videos of social events such as the Boston marathon bombing.
Mere hours after the recent Oklahoma tornadoes, the various email traps (often referred to as SpamPots, a take on the term HoneyPot) used by the StopSign research and development team to collect samples and monitor trends had already seen several large surges of emails attempting to capitalize on the disaster, almost all of which containing attached viruses or links to malicious web sites.
There are several key actions you can take to protect yourself.
- Don’t Click the Link — If a bank or merchant needs your information, you will always be able to enter it directly on their website, logging in as you normally would.
- Don’t Open the Attachment — If you are not expecting an email attachment, or if it seems out of character for the sender, don’t open the attachment, even if the sender is someone you know personally.
- Update Your Virus Scanner — Even emails you were expecting, and from people you know and trust, can contain viruses and links to malicious sites the sender may not have noticed.
Scanning every unknown file is always good policy, regardless of its origin. Even large corporations, which may rely on the browsing and email habits of hundreds if not thousands of people, are not free from the risk of infection. On more than one occasion, history has even seen companies accidentally distribute viruses via CD and even seemingly harmless devices containing flash memory. You can safeguard your own computer, but you can never account for another’s actions.
When an SMTP email is sent, the initial connection provides two pieces of address information:
- MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user,and by default no checks are done that the sending system is authorized to send on behalf of that address.
- RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header.
Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope.
Once the receiving mail server signals that it accepted these two items, the sending system sends the "DATA" command, and typically sends several header items, including:
- From: Joe Q Doe <joeqdoe@example.com> - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
- Reply-to: Jane Roe <Jane.Roe@example.mil> - similarly not checked
The result is that the email recipient sees the email as having come from the address in the From: header; they may sometimes be able to find the MAIL FROM address; and if they reply to the email it will go to either the address presented in the MAIL FROM: or Reply-to: header - but none of these addresses are typically reliable
Safe browsing!. is my responsibility to keep u more secure ...
0 comments :
Post a Comment