The trend of internet exploitation has moved away from viruses and trojans. Hackers are no more interested in just deploying these small infectious agents in others PCs unless there is any economic benefit in doing it. Getting access to the computers using technologies like malware, spambots, etc has become widely prevalent today.
Getting access to the computer of a well settled person is like getting access to his wallet. Since there is no complete solution for internet vandalism yet, awareness of the methods of exploitation is what can be helpful in present day situation. In our earlier article we have discussed on Website Spoofing. This article is about eMail spoofing – one of the common methods used by cyber criminals.
Understanding eMail Spoofing
A spoofed email is simply – an email sent impersonating a legitimate source. Generally, the sender will change the FROM address and other parts of the e-mail header like Return-Path, Reply-To, etc to make it appear that it originated from some other. This is generally done by adjusting settings of the email client like Mozilla Thunderbird, Outlook Express, Eudora, etc. There are a few websites too that offer sending of emails where the sender has option to enter any email address in the FROM or Reply-To fields.
Common Deceptive Tactics Used in eMail Spoofing
A standard email function like SMTP is used in email spoofing. The email programs allows them to modify email headers and thus forge the email originating identity. The most common deceptive tactic is that the spoofer sends out emails to thousands, even millions, of email accounts spoofed in name of a well-known company. The typical phishing email will contain a clever story designed to lure people into some action like clicking a link or button in the email or calling a phone number.
The link in the email might redirect you to a spoofed website which in turn will be used to capture data.
Possible Spammers intention behind a spoofed eMail
Though sending of spoofed emails is very simple compared to many of other deceptive online tactics, it has much higher potential to gain profits for the spoofer. Email spoofing is generally used for obtaining login details of financial information of a person. Once they have access to the account they can make withdrawals from the account or authorize payments for online purchases.
Identifying Spoofed eMails
Common methods to identify a spoofed email is as follows:
- Emails from banks or finance related sources that do not address you by the name you registered with them can be suspected as a spoofed email. Ebay, PayPal and banks will never send out general emails saying “Dear valued customer”, or “Dear member” etc…
- You can quickly tell if the link in the email is a spoof by hovering your mouse over the link in the email and comparing it with the link appearing in the status bar.
- View the “FULL message header” to know where the email came from
- Read your email carefully and look for any spelling or grammatical mistakes.
- Consider any website asking for your PIN (personal identification number) as a spoof.
- Some spoof sites will include pop-up message boxes. It is better if you do not entertain such emails.
- Most spoof emails will create a false sense of urgency like a message saying that your account will be locked out or deleted if you don’t act quickly.
Website spoofing is one of the deceptive snare used by cyber criminals for phishing. Internet is still a highly vulnerable place for transactions. Cyber-criminals keep finding different ways to exploit a user online. The only way to survive them is through conventional awareness and credible preventive measures.
What are Spoofed Websites?
A spoofed website is usually a replica of a legitimate website. Almost all the features of this site replicate the existing legitimate site including logos, fonts, colors, structure, etc. In few cases, even the URL of the spoofed site is almost close to the URL of the legitimate site so that it is easier for them to trick its visitor.
Techniques used in spoofing:
- URL Redirection: URL redirection is possible through web programming to refer a URL to another URL. Many big companies like Google, Microsoft, etc., use them for legitimate business purposes. However, this has become a phishing tool for cyber criminals.They use a legitimate looking URL (www.domain.com, for example). However, when a visitor tries to visit the site, it actually redirects him to a spoofed site (www.phisher.com). It is possible for the user to identify redirecting URLs by monitoring location bar of his browser.
- URL Cloaking: A legitimate looking URL is used to mask the URL of a spoofed site, by using ‘@’ symbol. Using @ symbol was originally intended as a way to include a username and password in the URL. When a user tries to open the legitimate looking URL, firstname.lastname@example.org, for example, it actually redirects him to the phishing site www.phisher.com, rather than www.bank-domain.com.
- Typo Scamming: Typos are inevitable when you are typing out on your keyboard. Cyber criminals use this as an advantage and register web addresses that resemble the name of a popular and legitimate site. These URLs are slightly differentiated by adding, excluding, or rearranging letters.For example, web address of a legitimate site www.bankm.com is differentiated as
Why beware of spoofed sites?
Spoofed websites are actual sources of phishing. The main job of the phisher is to convince the visitor that his spoofed site is legitimate. From then on it is the visitor who will be submitting his information to the phisher, unknowingly though. It can be his bank username and password, or any such information that is of economical value.
Cyber criminals also use spoofed websites to deploy malware into the visitors PC thus making it as a part of their botnet.
Precautions to take to avoid being a victim of spoofed sites
- Avoid using sites that do not have SSL/TLS certificate while you are banking, buying, selling, transferring money or using credit/debit cards online.
- Make it a habit of checking the SSL/TLS validity every time you visit a site before making financial transactions, by clicking on the lock icon.
- Never click a hyperlink to get to a website for financial transaction unless you are CERTAIN that it is a legitimate link.
- Just type out the URL yourself, use credible search engine results or copy paste it from your records.
- Do not use same username / password for all your online logins.