Spoofed e-mail messages just go harder to spot in your incoming mailbox.
Normally you can spot a phishing email by the return address, which is usually fake. The dead giveaway is that it not the same as spoofing company they are trying fake.
But there is new technique just made this harder to spot. The send email address and domain look legitimmate. This can be done specially crafted email, see below. Technically, The spoofed sender domain had a Sender Policy Framework (SPF)[3,4] record set.
MAIL FROM:<SPAMBOT@fromafakebutLegitdomain.com> <----- THIS IS CHECKED ONLY BY SPAM FILTERS RCPT TO:<you@gmail.com> DATA From: "DHL Express Shipping" <dhlexpress@shippping.com> To: "Receiver" <you@gmail.com>
Will look like this as an actual email, and convincing
So, if reply to this email, it will appear that it's going to dhlexpress@shipping.com as well.
Solution
You should really check the message source to detect if the email addresses are correct.
How to examine Email Message Source ?
Now let's look at message source:
- Outlook.com->Actions->View Message Source.
- Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from correct domain, i.e. shipping.com.
Full Details @ https://isc.sans.edu/diary/rss/25426
No comments:
Post a Comment