Email spoofing is the forgery of an email header so that the message appears
to have originated from someone or somewhere other than the actual source.
Distributors of spam often use spoofing in an attempt to get recipients to open,
and possibly even respond to, their solicitations. Spoofing can be used
legitimately. Classic examples of senders who might prefer to disguise the
source of the email include a sender reporting mistreatment by a spouse to a
welfare agency or a "whistle-blower" who fears retaliation. However, spoofing
anyone other than yourself is illegal in some jurisdictions.
Email spoofing or forging, according to Michelle Mista, is "an email that is
sent from one source pretending to be
another. It is a common form of unsolicited mail and almost always has a
malicious intent, usually to obtain sensitive information. In many cases, a
malicious email will be spoofed to pretend that it is from a reliable source,
usually a well known company. Spoofed emails may also contain links that take
the receiver to a webpage that may look legitimate but is not. Spoofed emails
will often try to dupe the receiver into revealing sensitive information, such
as usernames, passwords or other identifying details".
In order to make spoof emails seem legitimate, the email body uses the names,
logos, graphics and even legitimate web addresses and email addresses in some
fields. The action links in the spoof emails almost always take you to a spoof
web site. Spoof emails can also be sent as an attack against you or your
organization, with fraudulent offers, bogus announcements or malicious content.
Examples:-
Examples of spoofed email that could affect the security of your site include:
(1) Email claiming to be from a system administrator requesting users to change
their passwords to a specified string and threatening to suspend their account
if they do not do this.
(2) Email claiming to be from a person in authority requesting users to send
them a copy of a password file or other sensitive information.
Intensity of security risk:-
Although most spoofed emails fall into the "nuisance" category and require little
action other than deletion, the more malicious varieties can cause serious
problems and security risks. For example, spoofed email may purport to be from
someone in a position of authority, asking for sensitive data, such as
passwords, credit card numbers, or other personal information, any of which can
be used for a variety of criminal purposes. The Bank of America, eBay, and
Wells Fargo are among the companies recently spoofed in mass spam mailings. One
type of email spoofing, self-sending spam, involves messages that appear to be
both to and from the recipient.
Working of Email Spoofing:-
Email spoofing is a trick used by email spammers. It works as follows:
In order to send email you need to
include a return address, or else the receiving server will most likely reject
the email as invalid or spam. Spammers need a return address for their spam
messages but they do not want to use their own address for fear of being
caught. Also, since so many spam messages get bounced, the spammer does not
want to receive thousands of bounce messages.
Unfortunately, one of the fundamental flaws of the email system is that you can
put any return email address you like on your email; it doesn't have to be your
own. This means that spammers can use
someone else's email address as the return address on their spam. This makes
their spam seem more legitimate while passing all the problems on to some poor
innocent victim.
Process involved in spoofing:-
Spammers spoof mail headers in email messages to fool spam filters into letting
the message
through. The tactic can also increase the spam message's seeming legitimacy.
You're more likely to open email that purports to come from a person or a
company you know than email that comes from a total stranger.
The process of spoofing an email, as explained by H. Buss in wiseGEEK, is almost
as easy as writing the wrong return address on a piece of mail. The standard
used for sending Internet email, called Simple Mail Transfer Protocol (SMTP),
allows a user to write in any correctly formatted email address they want. An
email's originating address does not have to match the sending address to go
through in an SMTP system. Spoofed emails are usually sent by robot programs
designed to send mass spoofed emails.
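Because the originating address need not match the sending address, a receiver can look for that mismatch in the headers. The following is an added example, not code from the original post: it compares the From header with the Return-Path recorded by the receiving server and also flags the self-sending spam mentioned earlier. The sample messages, function names and finding labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (reserved example domains), not real mail.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
From: "System Administrator" <admin@example.org>
To: user@example.org
Subject: Change your password

Constructed body.
"""
SELF_SENT = SPOOFED.replace('"System Administrator" <admin@example.org>',
                            "user@example.org")
CLEAN = SPOOFED.replace("bulk@mailer.example.net", "admin@example.org")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """Return a list of header inconsistencies found in one raw message."""
    msg = message_from_string(raw_message)
    findings = []
    # Address shown to the reader; the sender can write anything here.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Envelope sender (SMTP MAIL FROM) as recorded by the receiving server.
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]

    if not from_addr:
        findings.append("missing-from")
    if from_addr and return_path and _domain(from_addr) != _domain(return_path):
        findings.append("from-returnpath-domain-mismatch")
    # Self-sending spam: the message claims to come from its own recipient.
    if from_addr and from_addr in recipients:
        findings.append("from-equals-recipient")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("self", SELF_SENT), ("clean", CLEAN)):
        print(name, spoofing_indicators(raw))
```

A mismatch is an indicator rather than proof, since mailing lists and bulk-mail services legitimately send with a different envelope address.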
Email Spoofing, why possible:-
Email spoofing is possible because Simple Mail Transfer Protocol (SMTP), the
main protocol used in sending email,
does not include an authentication mechanism. Although an SMTP service
extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a
security level with a mail server, this precaution is not often taken. If the
precaution is not taken, anyone with the requisite knowledge can connect to the
server and use it to send messages. To send spoofed email, senders insert
commands in headers that will alter message information. It is possible to send
a message that appears to be from anyone, anywhere, saying whatever the sender
wants it to say. Thus, someone may send spoofed email that appears to be from
you with a message that you did not write.
Courtesy:-
Legal Point Foundation