fbpx

How does email spoofing work? How do people Phish? Why does it look like my bank sent me a message when in fact it’s a hacker?

Background

When the internet was invented there was a lot of trust between the original pioneers that worked at universities. One of the first applications to be developed was email. Email was designed in a way to be easy to use – security wasn’t such a big deal back then. Of course with the proliferation of the internet, spammers soon started making use of the lack of security.

Technically it’s possibly for anyone in the entire world, not even just hacker, to specify any email address as a FROM: address.

Try it in Outlook, it will take you 2 minutes. You can specify *any* FROM: address.

So how email spoofing works, it uses someone else’s address. It could be a legitimate address, anyone’s email address. Then if a the bounce happens, it goes back to the address that was chosen.

So at first glance, there is absolutely nothing you can do about it. Someone out there is trying to phish and they’re using a legitimate address as bait.

Here is a high level overview that every person working with email at an ISP should understand:
https://en.wikipedia.org/wiki/Email_spoofing

With more time protections grew, and now there are a host of common one prevailing in email that needs to be there for SPAM to be minimized. Here are four common ones:

  • SPF
  • DKIM
  • DMARC
  • Sender ID

Almost all hosts have SPF configured by default but you’d have to check if the other’s are present.

But the problem is, and it’s in the last paragraph of that Wikipedia article:

To effectively stop forged email being delivered, the sending domains, their mail servers, and the receiving system all need to be configured correctly for these higher standards of authentication. Although their use is increasing, estimates vary widely as to what percentage of emails have no form of domain authentication: from 8.6%[7] to “almost half”.[8][9][10] For this reason, receiving mail systems typically have a range of settings to configure how they treat poorly-configured domains or email.[11][12]

Translated:

* Only effective if stopped if both RECEIVING and SENDING systems honour the settings. So you won’t always have control and you cannot control other’s people incoming and outgoing email servers.
* Only half of mail server actually honour security

What we tell most people who use the internet, to avoid phishing:

Don’t click on links

That’s why the bank often sends phishing warning reminder emails telling their users to not click links. If you are a victim of phishing, this could be one way of getting the message across – send bulk email to your users.

 

Share this article

Share on facebook
Share on twitter
Share on linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top