21 February, 2016

Email Spoofing: Working and Process

          Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the email include a sender reporting mistreatment by a spouse to a welfare agency or a ''whistle-blower'' who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.
Email spoofing or forging, according to MICHELLE MISTA, is "an email that is sent from one source pretending to be another. It is a common form of unsolicited mail and almost always has a malicious intent, usually to obtain sensitive information. In many cases, a malicious email will be spoofed to pretend that it is from a reliable source, usually a well known company. Spoofed emails may also contain links that take the receiver to a webpage that may look legitimate but is not. Spoofed emails will often try to dupe the receiver into revealing sensitive information, such as usernames, passwords or other identifying details".
In order to make spoof emails seem legitimate, the email body uses the names, logos, graphics and even legitimate web addresses and email addresses in some fields. The action links in the spoof emails almost always take you to a spoof web site. Spoof emails can be sent also as an attack against you or your organization, with fraudulent offers, bogus announcements or malicious contents.
Examples-Examples of spoofed email that could affect the security of your site include-
(1) Email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this.
(2) Email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.
Intensity of security risk:-
          Although most spoofed emails fall into the "nuisance" category and require little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed email may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information, any of which can be used for a variety of criminal purposes. The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings. One type of email spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.
Working of Email Spoofing:-
          Email spoofing is a trick used by email spammers. It works as following-
In order to send email you need to include a return address, or else the receiving server will most likely reject the email as invalid or spam. Spammers need a return address for their spam messages but they do not want to use their own address for fear of being caught. Also, since so many spam messages get bounced, the spammer does not want to receive thousands of bounce messages.
Unfortunately, one of the fundamental flaws of the email system is that you can put any return email address you like on your email- it doesn't have to be your own. This means that spammers can use someone else's email address as the return address on their spam. This makes their spam seem more legitimate while passing all the problems on to some poor innocent victim.
Process involved in spoofing:-
          Spammers spoof mail headers in email messages to fool spam filters into letting the message through. The tactic can also increase the spam message's seeming legitimacy. You're more likely to open email that purports to come from a person or a company you know than email that comes from a total stranger.
The process of spoofing an email, as explained by H. Buss in wiseGEEK, is almost as easy as writing the wrong return address on a piece of mail. The standard used for sending Internet email, called Simple Mail Transfer Protocol (SMTP), allows a user to write in any correctly formatted email they want. An email's originating address does not have to match with the sending address to go through in an SMTP system. Spoofed emails are usually sent by robot programs designed to send mass spoofed emails.
Email Spoofing, why possible:-
Email spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending email does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed email, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone may send spoofed email that appears to be from you with a message that you did not write.

Courtesy:- Legal Point Foundation

No comments: