How Hackers are Using Your Address Book Against You
July 26, 2018
SamSam Ransomware Alert
December 5, 2018
When Nigerian Princes and fake FBI agents pop up in your inbox, it’s easy to spot the spam emails that plague us these days. However, it’s the authentic-looking emails from vendors, retailers, charitable causes, etc. that make it hard to determine whether they are the real deal or not.
Cybercriminals use a tactic called email spoofing to disguise their identity for their own gain, and it’s not hard to do. We’ll step you through the signs to look for, how it’s done, and how to protect yourself and your family members from email spoofing and some of the more obvious tricks of the trade.
What is E-mail Spoofing?
Email spoofing is a trick scammers and cybercriminals use to make an email appear to come from a trusted organization, a close friend, or someone you’re expecting to hear from. Take the email below, for example:
While the “From” address says Home Depot and includes a legitimate-enough-looking Home Depot email address, this is a phishing email. Hard to tell, right?
If you hover over the link, it becomes more apparent. But 9 times out of 10 the “Content Marketing Specialist” won’t leave the link’s destination this obvious. So how do you tell whether an email is phishing if the links don’t give it away?
That’s where email headers come in.
What are Headers and How Do I Inspect Them?
There are 3 parts that make up each email you receive.
- Body
- Envelope
- Header
The body is the most familiar part. This is where all the content lives. The envelope is the delivery information mail servers use to route the email to the correct destination, something the sender or recipient will never see. And then there’s the header.
An email header carries the routing information that records who a message is from, who it is addressed to, and when and where it was handled along the way. It includes fields you’re familiar with, like “FROM”, “TO”, “SUBJECT”, “CC”, etc. However, there’s quite a bit more information in the header that’s hidden out of plain sight, and that’s where we can get to the bottom of who really sent you an email.
Let’s take a look at an example.
First, you have to navigate to the header information. Select the email in question and click File > Properties. You’ll get a dialog box that looks like the one below. The section highlighted in red is your header information for that email.
While this may look complicated, once you know what you’re looking for, you can determine if the original sender is who they say they are. For the example above, I’m looking for a line of text that mentions “Home Depot”, since that’s where the e-mail claimed to be from.
However, while scrolling through, I noticed something that stood out. The line below should catch your eye as suspicious:
X-Note-Reverse-DNS: phishtest.phishgoggles.com
This means the email didn’t originate from Home Depot at all. It originated from a Phishgoggles.com address, meaning this email was part of a mock phishing training exercise from Phishgoggles Security Awareness Service.
Now we know the true origins of this phishy message.
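To show the same check in code, here is an added Python example (not from the original post or from Phishgoggles) that parses a constructed message, compares the domain in the “From” header with the host named in the earliest “Received” line and in the X-Note-Reverse-DNS line, and reports each mismatch. The host and domain names in the sample message are made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture). The From header claims Home Depot,
# but the earliest Received hop and the gateway's reverse-DNS note name a
# phishgoggles.com host, the same mismatch the article walks through.
RAW_MESSAGE = """\
Received: from mail.gateway.example (mail.gateway.example [203.0.113.10])
\tby inbox.example with ESMTP id abc123; Thu, 26 Jul 2018 09:12:01 -0400
Received: from phishtest.phishgoggles.com (phishtest.phishgoggles.com [198.51.100.7])
\tby mail.gateway.example with ESMTP id def456; Thu, 26 Jul 2018 09:11:58 -0400
X-Note-Reverse-DNS: phishtest.phishgoggles.com
From: "The Home Depot" <offers@homedepot.example>
To: victim@inbox.example
Subject: Your order is ready for pickup

Click here to confirm your order.
"""

def from_domain(msg):
    """Domain of the From header, i.e. what the mail client shows the user."""
    return parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()

def received_hosts(msg):
    """Hosts named in each 'Received: from <host>' line, in header order.
    Each relay prepends its own line, so the first entry was written by your
    own server (trustworthy) and the last is the claimed origin (forgeable)."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = re.match(r"from\s+(\S+)", value, re.IGNORECASE)
        if m:
            hosts.append(m.group(1).lower())
    return hosts

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)

def spoof_indicators(raw):
    """Return the reasons the message's origin disagrees with its From line."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    findings = []
    hosts = received_hosts(msg)
    if hosts and not same_org(hosts[-1], domain):
        findings.append(f"earliest Received hop {hosts[-1]} is not in {domain}")
    rdns = (msg.get("X-Note-Reverse-DNS") or "").strip().lower()
    if rdns and not same_org(rdns, domain):
        findings.append(f"X-Note-Reverse-DNS {rdns} is not in {domain}")
    return findings
```

Running `spoof_indicators(RAW_MESSAGE)` returns two findings, both naming phishtest.phishgoggles.com; a message whose hops stay inside the From domain returns an empty list.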
How Do Hackers Do This?
Spoofing emails is pretty easy if you have the right tools. All you need is the right mailing software and an SMTP server (which is just a fancy name for a server that can send email). The software lets you type in exactly how you want the “From” address to appear. Then hackers can put whatever malicious links, attachments, or content they like into the body of the message. Press send and it’s done. A spoofed email is as simple as that.
What Can I Do to Protect Myself?!
Unfortunately, inspecting your headers is the only way to tell that an email isn’t from the person it appears to be from. Nobody has time for that.
You can make progress by strengthening your spam filters, never clicking links or opening attachments, and making sure your anti-malware and filtering software is up to date.
However, training and educating yourself and your staff on what to look for can significantly help reduce your risk. A few minutes a week of Phishgoggles Security Awareness Service can help you identify even the most sophisticated phishing messages through an ongoing cycle of simulated phishing, testing, education, and reporting.
Learn more about investing in upgrading your staff’s human security controls at phishgoggles.com