
E-mail spoofing attacks double in a month

By Staff Writer, ITWeb
Johannesburg, 15 Jun 2021

E-mail spoofing attacks, in which fake e-mails that seem genuine are created to fool users into actions that benefit an attacker, nearly doubled from April to May this year.

According to Kaspersky, these attacks, whose goals include getting users to download malware, provide access to systems or data, offer up personal details or transfer money, went from 4 440 to 8 204 over that period.

These “spoofed” e-mails regularly appear to come from legitimate organisations, putting not only the targets at risk, but the reputations of those entities whose domain was abused.

How they work

In addition, spoofed e-mails can be part of larger, multi-stage attacks, such as those that involve doxing organisations. Doxing attacks search for and publish private or identifying information about a particular person on the Internet, most often with malicious intent.

These kinds of attacks can also be carried out in a variety of ways, the security giant says. The simplest is what is known as “legitimate domain spoofing”, where someone inserts the domain of the organisation being spoofed into the “From” header, making it hard to distinguish a fake e-mail from the genuine article.

However, if a business has implemented one of the newer mail authentication methods, then bad actors must resort to other methods, says Kaspersky. These include “display name spoofing”, whereby malefactors spoof the individual sending the e-mail, for example, making it appear as if it was sent by a genuine employee of the company.

Lookalike domains

More sophisticated spoofing attacks involve lookalike domains, where attackers use specific registered domains that look similar to those of real organisations.

In one example, Kaspersky says cyber criminals sent out an e-mail that seemed to be from the German mail company Deutsche Post. The message claims the receiver needs to pay for the delivery of a package, but, if they click on the link to do so, not only will they lose three euros, they will hand their card details to the authors of the scheme.

On closer examination, users could note the spelling error in the domain name – and realise the e-mail was a fake. However, this is not possible with Unicode spoofing, the company adds.

Unicode is a standard used to code domains, but when domain names use non-Latin elements, these elements are converted from Unicode to another encoding system. The result is that, at a code level, two domain names may look different, such as kaspersky.com and then kaspersky.com with a Cyrillic y, but when the e-mails are sent, they’ll both appear as “kaspersky.com” in the “From” header.
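The check a mail filter can apply to the Unicode case described above, as an added example that is not from Kaspersky or the original article: it reports which scripts each label of the “From” domain mixes and shows the ASCII (Punycode) form the domain takes on the wire, using Python's built-in `idna` codec. The function names and both sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

def char_script(ch):
    """Approximate a character's script from its Unicode name (LATIN, CYRILLIC, ...)."""
    if not ch.isalpha():
        return None  # digits and hyphens are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_from_domain(from_header):
    """Summarise the domain of a From header for a lookalike review."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    labels = []
    for label in domain.split("."):
        scripts = sorted({s for s in map(char_script, label) if s})
        labels.append({"label": label, "scripts": scripts,
                       "mixed_script": len(scripts) > 1})
    try:
        # The ASCII form is what DNS and mail servers actually compare.
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # malformed domain (empty or over-long label)
    return {
        "domain": domain,
        "ascii_form": ascii_form,
        "non_ascii": not domain.isascii(),
        "mixed_script": any(l["mixed_script"] for l in labels),
        "labels": labels,
    }

# Constructed sample headers: the second uses Cyrillic U+0443 in place of Latin "y".
GENUINE = "Kaspersky <info@kaspersky.com>"
LOOKALIKE = "Kaspersky <info@kaspersk\u0443.com>"

if __name__ == "__main__":
    for header in (GENUINE, LOOKALIKE):
        result = inspect_from_domain(header)
        print(result["domain"], "->", result["ascii_form"],
              "| mixed script:", result["mixed_script"])
```

A label that mixes Latin and Cyrillic letters is a strong signal on its own; a domain written entirely in one non-Latin script will not trip this check and needs comparison against the organisation's known domains instead.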

Roman Dedenok, a security expert at Kaspersky, says although spoofing may seem primitive when compared to some of the other techniques used by attackers, it can be highly effective.

“It can also just be the first stage of a more complex business e-mail compromise attack that could lead to identity theft and business downtime, as well as significant monetary losses,” he adds.

Adopt e-mail authentication

However, there is a range of anti-spoofing protection solutions available and new authentication standards that can keep businesses’ e-mail secure, he adds.

To lessen the risk of falling victim to spoofing, Kaspersky experts recommend adopting an e-mail authentication method, such as SPF, DKIM or DMARC for corporate e-mail.

In addition, implement security awareness training that covers e-mail security, as this educates employees to always check the sender’s address when they receive e-mails from unfamiliar people.
