How does it work?
Email clients use the Simple Mail Transfer Protocol (SMTP) to communicate with mail servers and send emails. The protocol is handled by an SMTP daemon that runs on port 25 of a mail server by default. When the user composes an email and clicks the SEND button, the email client automatically issues SMTP commands to the remote mail server and sends the message.
The SMTP protocol is so vulnerable that an attacker can easily send forged emails to a remote user, because the protocol itself does not verify the sender address it is given. It is possible to connect manually to SMTP port 25 of a remote mail server and use SMTP commands to send forged emails.
How can email forging be performed?
There are a number of free tools available on the internet to forge emails. Websites like www.anonymizer.in and www.emkei.cz allow anyone to send emails in the name of anyone, without signing into their accounts.
Take a look at the email form below, which allows attackers to enter a fake name and email ID in the 'From' fields.
It even allows attaching a file that could exploit the receiver's side. The advanced settings allow you to choose the reply path, port number, SMTP server and more options to make the forgery more convincing.
When filled up the form would look like this,
When the 'Send' button is clicked, it sends the message to the email ID given in the form. The status is shown as follows,
A number of tools exist online to send fake emails for free. We should know how to detect fake emails, which is what I talk about next.
Detecting fake emails
Detecting fake emails is easy. If you look closely, there is an option to find out the details of the fake email's sender. Click on the arrow mark to view the advanced options for the email you have received.
Click on the 'Show Original' option. A separate tab with the HTML version of the email opens in the browser. Observe the "Received From:" field and compare it with the sender's email ID. If the two do not match, you have caught a fake.
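The comparison described above can be scripted against the raw message source. This is an added example, not part of the original post; the sample messages, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: raw source of a forged message, as "Show Original" shows it.
FORGED = (
    "Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.25])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Return-Path: <bounce@bulk-sender.example>\n"
    'From: "Bank Support" <support@bank.example>\n'
    "To: user@recipient.example\n"
    "Subject: Dear Customer, verify your account\n"
    "\n"
    "Please confirm your details.\n"
)
# Constructed sample: the same message when it really comes from the claimed domain.
GENUINE = FORGED.replace("bulk-sender.example", "bank.example")


def domain_of(address):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def check_headers(raw):
    """Compare the From domain with Return-Path and the newest Received hop."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    findings = []
    return_domain = domain_of(msg.get("Return-Path", ""))
    if return_domain and not belongs_to(return_domain, from_domain):
        findings.append(f"Return-Path domain {return_domain} != From domain {from_domain}")
    # The first Received header is the one written by the recipient's own server.
    received = msg.get_all("Received", [])
    hop = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    if hop and not belongs_to(hop.group(1), from_domain):
        findings.append(f"Received from {hop.group(1)}, not a {from_domain} host")
    return findings


if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, check_headers(raw) or "no mismatch")
```

A mismatch is a reason to look closer, not proof of forgery: legitimate senders often relay through a third-party mail service.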
Counter Measures
Defending against email forging starts with knowing the counter measures you should take. Email servers provide utmost security against spoofed emails. You may find a lot of them in your 'Spam' folder.
The following are the most common measures to fight email forging or spoofing. You may practice your own security measures along with these.
- Avoid emails from unknown sources
- Maintain a safe mailing list
- Do not reply to suspicious or unknown emails with the details they ask for.
- It is better to delete such emails as soon as you find them to be fake.
- Fake emails usually have attractive titles.
- Fake emails address victims with words like 'Dear Customer', 'Dear Applicant', 'Dear Winner' and the like.
- Never click on the links in such emails. If you want to know if they are fake or real, open them in another tab in your browser manually.
We hope we've been successful in educating you about email forging, or email spoofing. We wish you to be careful with such emails.