Today, about 91% of cybersecurity breaches begin with an email. Hackers continue to develop clever ways of delivering malicious emails to unsuspecting victims, which in turn has serious implications for any business' network security. In this article, we discuss how email spoofing is used to mount malicious email attacks such as phishing emails.
Email spoofing is the act of forging email headers so that a message appears to come from a legitimate source. An email header is the block of text at the top of a message (present whether the body is plain text or HTML) that contains information about the sender, the recipient, the route the message took to reach the inbox, and various authentication details. The email header always precedes the email body.
The goal of spoofed emails is to trick recipients into trusting their origin and possibly respond to the emails. It is a common tactic used to fabricate spam and phishing emails.
Email spoofing can be achieved easily with a working Simple Mail Transfer Protocol (SMTP) server and ordinary mailing software such as Outlook or Gmail. Once a message is composed, the scammer can forge fields in the message header such as the FROM, REPLY-TO and RETURN-PATH addresses. After the email is sent, it lands in the recipient's mailbox appearing to come from whatever address was entered.
This is possible because SMTP itself provides no mechanism for authenticating the sender address. Although sender authentication protocols and mechanisms have since been developed to combat email spoofing, their adoption has been slow.
Email spoofing is a common tactic used by cybercriminals to send out spam and phishing emails. Spoofed emails can appear to come from trusted shopping websites, government institutions, suppliers, vendors and so on. With phishing, the goal could be to get targeted victims to:
- provide personal or financial information;
- turn over intellectual property and other proprietary information or data;
- perform a wire transfer or another electronic transfer of funds;
- provide login information or other user credentials;
- download a file attached to the email that contains malicious software; or
- click on a malicious link.
A clear example of an email spoofing attack is the phishing campaign sent to Kenya Revenue Authority users in June 2020 from the spoofed address firstname.lastname@example.org. As in a typical phishing email, the hackers used fear to pressure recipients into acting: the subject line read 'Penalty order', and the email body instructed users to download a malicious attachment in order to view the tax penalties supposedly imposed on them.
Email spoofing is also used to execute impersonation attacks such as business email compromise, spear phishing and whaling. These spoofed emails are deliberately crafted for specific targets rather than just any employee or random recipient.
Hackers use spoofed email addresses that appear to belong to a company CEO or CFO with the aim of duping the recipient into transferring funds or sharing sensitive information such as passwords and credit card details.
Though email spoofing is most commonly used to execute phishing attacks, hackers can also use it to evade email blacklists and spam traps, to commit identity theft, and to tarnish the reputation of the impersonated sender.
A spoofed email will appear to be from a legitimate or trusted source, but if you look closely you may spot anomalies that identify the message as a spoofing attempt. In a spoofed email, the actual email address may differ from the display name. Also, the email address in the header will not match the sender's real address, and the "Reply-To" field in the header will not match the name of the sender.
So, how do you prevent your email address or domain from being spoofed in the future? And how do you help your employees recognize spoofed emails for what they are? We'll answer both questions by discussing the following:
1. SPF, DKIM, and DMARC email security standards
SPF lists the IP addresses that are approved to send email for a specific domain.
DKIM lets you establish greater trust by preventing spoofed emails from being sent as outgoing messages on your domain. It does this through a DNS entry for the email domain that publishes a signing key, together with a digital signature added to the message header, so that recipients can verify that the email remained unaltered from when it was sent.
DMARC is an email authentication, reporting and policy protocol that uses both SPF and DKIM to report on the email domain's authentication results (alignment, compliance, failures, etc.).
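To make the SPF/DKIM/DMARC relationship concrete, here is an added example (not code from the article or from Pepea) that evaluates a message the way a receiving server applies DMARC: an SPF or DKIM pass only counts if the authenticated domain aligns with the header From domain, and the record's p= tag decides what happens on failure. The domain names and records are constructed placeholders, and organizational-domain matching is simplified to a suffix check.

```python
# Added example (not from the article): DMARC evaluation from SPF/DKIM results
# plus the domain's DMARC TXT record. Domains below are constructed placeholders.

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s' into tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC alignment: strict ('s') needs an exact match with the From domain;
    relaxed ('r') also accepts a parent/child relationship. The organizational
    domain is approximated here by a suffix match (a simplification, assumed)."""
    a, f = auth_domain.lower(), from_domain.lower()
    if a == f:
        return True
    return mode == "r" and (a.endswith("." + f) or f.endswith("." + a))


def evaluate_dmarc(record: str, from_domain: str, spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str) -> tuple:
    """Return (passed, disposition). SPF or DKIM counts only if it passed AND the
    domain it authenticated aligns with the header From domain; on failure the
    disposition is the record's p= policy (none, quarantine or reject)."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return False, "none"  # no usable record: nothing is enforced
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    return passed, ("deliver" if passed else tags.get("p", "none"))


# Constructed records: the weak one only monitors, the corrected one enforces.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@revenue-authority.example"
STRONG_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@revenue-authority.example"

if __name__ == "__main__":
    # Spoofed message: header From claims revenue-authority.example, SPF passes
    # only for the unrelated sending domain, and there is no DKIM signature.
    for record in (WEAK_RECORD, STRONG_RECORD):
        print(evaluate_dmarc(record, "revenue-authority.example",
                             "pass", "mailer-example.test", "none", ""))
```

Under the p=none record the spoofed message is still delivered (it is only reported), while the p=reject record rejects it; a legitimate message signed with DKIM for the From domain passes under both.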
2. Email signing certificates
An email signing certificate, sometimes referred to as an S/MIME certificate or a personal authentication certificate, is something you can use to help email recipients verify whether an email really comes from you. These certificates do two things:
- Assert identity through the use of unique digital signatures
- Use public-key encryption to provide secure, end-to-end encryption for your emails. And considering that most email servers nowadays also use SSL/TLS encryption, it means that you can enjoy both data at rest and data in transit protection.
3. Cybersecurity awareness training
Email security awareness training for users and employees reinforces the underlying security policies and engages them in assessing risks as part of their workflow. By preventing employees from inadvertently clicking on links or revealing sensitive information, the email security solutions in place improve frontline protection against the most common email-borne threats today.
4. Email header data
To identify email spoofing, take a closer look at the header information of a suspicious email, because an email header contains a significant amount of data about the origin of a message. In addition to the subject line and the basic "from" and "to" sender/recipient information, other email metadata you can find in the header properties includes:
- the type of content
- browser information
- delivery date information
- suspicious flag or spam flags
- language used in the email, and
- Microsoft Exchange threat scan results.
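The header checks described in this section and in the paragraph on spotting anomalies above (display name versus address, From versus Reply-To and Return-Path, authentication results) can be automated. The following is an added example, not code from the article or from Pepea; the message is a constructed sample with invented placeholder domains, and it uses only Python's standard library.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed sample in the style of the spoofed 'Penalty order' email: trusted
# display name and From domain, but Reply-To, Return-Path and authentication
# results that point elsewhere. All domains and addresses are placeholders.
RAW_MESSAGE = b"""\
Return-Path: <bounce@mailer-example.test>
Received: from mx.mailer-example.test (mx.mailer-example.test [203.0.113.10])
\tby mail.victim.example with ESMTP; Mon, 01 Jun 2020 09:00:00 +0300
Authentication-Results: mail.victim.example; spf=fail smtp.mailfrom=mailer-example.test;
\tdkim=none; dmarc=fail header.from=revenue-authority.example
From: "Revenue Authority" <notifications@revenue-authority.example>
Reply-To: collections@mailer-example.test
To: taxpayer@victim.example
Subject: Penalty order
Content-Type: text/plain; charset="utf-8"

Please download the attached penalty order to view your tax penalties.
"""

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def inspect_headers(raw: bytes) -> dict:
    """Parse the headers and list the mismatches that mark a spoofing attempt."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           str(msg.get("Authentication-Results", ""))))
    findings = []
    if "@" in from_name and domain_of(from_name) != domain_of(from_addr):
        findings.append("display name shows an address from another domain")
    for label, addr in (("Reply-To", reply_to), ("Return-Path", return_path)):
        if addr and domain_of(addr) != domain_of(from_addr):
            findings.append(f"{label} domain {domain_of(addr)} differs from From domain {domain_of(from_addr)}")
    for mech in ("spf", "dkim", "dmarc"):  # anything but an explicit pass is suspect
        if auth.get(mech) != "pass":
            findings.append(f"{mech} result: {auth.get(mech, 'missing')}")
    return {"from_name": from_name, "from_addr": from_addr, "reply_to": reply_to,
            "return_path": return_path, "auth": auth, "findings": findings}

if __name__ == "__main__":
    for line in inspect_headers(RAW_MESSAGE)["findings"]:
        print("suspicious:", line)
```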
Read more on how to view email headers on Gmail
Read more on how to view email headers on Outlook
There are countless ways in which hackers trick their victims, and they are getting smarter every day. Here are some red flags that are common across most phishing emails:
- Links in the email may look almost exactly like the original domain name but contain misspellings or extra subdomains. Hovering over the link often exposes the true domain name.
- Generic salutations: a service provider, for example, should address an email to you by name. A phishing email will use generic terms like 'Sir' or 'Madam'.
- Link manipulation: a technique in which the scammer sends a link whose visible text points to one website while the underlying address leads to the scammer's site instead. One anti-phishing technique for detecting link manipulation is to move the mouse over the link to view the actual address.
- The email will try to push or force you into action by creating a sense of urgency, for example 'Your account will be deactivated in 24 hours if you do not…'.
- Some emails will try to manufacture legitimacy by encouraging you to verify your email address or log in to a website using a link they provide.
- The body of the email will contain unsolicited web links or attachments. Below is an example one of our clients received.
- If you do click on such a link, you will notice that you are redirected. This is where the hacker sends you to a site that harvests your login credentials as you key them in.
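The link-manipulation red flag above (visible link text naming one domain while the href leads to another) can be checked programmatically before a user ever hovers over the link. This is an added example, not code from the article or from Pepea; the HTML body and domains are constructed placeholders, and it uses only Python's standard library.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text: str) -> str:
    """Hostname of a URL or bare domain written in text, or '' if it is not one."""
    candidate = text.strip()
    if not candidate or any(c.isspace() for c in candidate):
        return ""
    url = candidate if "://" in candidate else "http://" + candidate
    host = (urlparse(url).hostname or "").lower()
    return host if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else ""

def find_deceptive_links(html: str) -> list:
    """Flag links whose visible text names one domain while the href goes to
    another; a parent or subdomain of the shown domain is accepted as legitimate."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        related = actual.endswith("." + shown) or shown.endswith("." + actual)
        if shown and actual and shown != actual and not related:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings

# Constructed HTML body in the style of the phishing email described above.
SAMPLE_HTML = """
<p>Your account will be deactivated in 24 hours if you do not verify it.</p>
<p>Log in at <a href="http://revenue-authority.example.tax-portal-login.test/verify">
www.revenue-authority.example</a> to keep your account active.</p>
<p>See the <a href="https://www.revenue-authority.example/help">help page</a> or
<a href="https://support.revenue-authority.example/">revenue-authority.example</a>.</p>
"""
```

Running `find_deceptive_links(SAMPLE_HTML)` flags only the first link, whose text shows the revenue authority's domain while the href leads to an unrelated site; descriptive link text such as "help page" is skipped, and the support subdomain link is accepted.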
Pepea Email Security provides a best-of-breed email spam filter and antivirus protection. Deploying the latest threat intelligence and sophisticated multi-layer detection engines, this email security solution protects email and employees from spam, malware, phishing attacks, and other advanced threats.
With our email filtering solution, you can easily reduce the risk, complexity, and costs that are typically associated with email management solutions.
With Pepea Email Security, you can:
- Block spam – Pepea spam filtering uses multiple engines that are designed to stop 98% of spam with zero false positives.
- Stop malware and viruses – Our inbound and outbound filtering solution provides 100% anti-malware protection including zero-hour protection to detect new forms of malware and 100% availability.
- Minimize email downtime with an email spam filter and security solution that also protects against targeted attacks such as email spoofing and phishing attacks
- Enhance productivity by enabling users to manage their own block lists in our easy-to-use, searchable quarantine database
- Support mail validation technology including DKIM and DMARC.
- Increase your organization’s email uptime with 24/7 technical support services
- Protect your business reputation with outbound filtering that prevents hackers from using your system to send out spam emails
- Reach the right recipient mailbox and prevent blacklisting with outbound filtering
Our software as a service (SaaS) email filtering system will save you time by reducing spam processing time to an absolute minimum.
- Hosted email spam filtering gateways that reduce email management complexities and offer increased service reliability
- Supported mail servers; Sangari spam filtering supports all types of mail servers
- Searchable quarantine database and reporting
- 24/7 reliable technical support should you need assistance
- Email queuing that stores emails when your mail server is unreachable
- Managed services; we deploy, monitor, secure, maintain and update our spam filters while you focus on other activities
- Integration and automation; Sangari customizes its solution to fully integrate our spam filters with the main control panels and other collaboration tools for email such as Cpanel
- Mail validation technology including DKIM and DMARC
- Zero hour antivirus protection that detects and captures new forms of malware
The threat of email spoofing and phishing will persist as long as we continue to use email for personal and business communication. Business decision-makers must therefore secure their mailboxes against these attacks by employing an effective and reliable email security solution.