Email Spoofing ~ latest-cracker

Ads 468x60px

Monday, June 4, 2012

Email Spoofing

Welcome to the era of  trickery, where  you may be able to trust your some friends, but can no longer trust their e-mails. Identity theft is quickly becoming the biggest issue when it comes to e-mail, and it has a name: e-mail spoofing. 


Email spoofing is an act by which you can send mail pretending to come from any fake address( For example 'support@microsoft.com', 'admin@facebook.com' etc.). No matter if you have access to the  sender address or not, even no matter if the sender address exists or not. It is a very common strategy used among hackers and spammers. It is becoming so common that you can no longer take for granted that the e-mail you are receiving is truly from the person identified as the sender.






Why Email Spoofing?
Senders do this for various reasons, including: 


  • The e-mail is spam and the sender doesn’t want to be subjected to anti-spam laws 
  • The e-mail contains a virus or Trojan and the sender believes you are more likely to open it if it appears to be from someone you know.
  •  Email contains a phishing page to hack your account.
  • The e-mail requests information that you might be willing to give to the person the sender is pretending to be (for example, a sender might pose as your company’s system administrator and ask for your network password), as part of a “social engineering” attack.
  • The sender is attempting to cause trouble for someone by pretending to be that person (for example, to make it look as though a political rival or personal enemy said something he/she didn’t in an e-mail message).


How does it work?
Email spoofing is done by altering the original 'sender email id', 'sender name' and other parts of the mail. This is possible because the Simple Mail Transfer Protocol (SMTP) does not support any type of sending authentication.


There are many ways to do so, some are as following:
1. Using Command prompt
2. Using email desktop services like Outlook
3. Using Websites offering mail spoofing
4. Using php scripts, to built own mail spoofing website.




I will write about all procedures in detail in coming posts, but here just providing names of some sites that offer mail spoofing, so that you can do some experiments and can understand about it. Some sites are:
1. http://emkei.cz/ (with advanced options)
2. http://deadfake.com/Send.aspx 
Note: These sites are tested and working fine for gmail. 

Examples of E-Mail Spoofing
Recently i have written about Adobe software update Fake mail, which is also an example of email spoofing.




Identifying Spoofed email: 
One can do it by checking original header of email. Usually the spoofed email's header have an email address or SMTP address in sender email which is different than the email showing on the received mail.  or it can have other website which has nothing to do with the sender id,  or sometimes you can see the original email id of sender in 'reply to', if he/she is willing a reply from you 

0 comments:

Post a Comment

 

money mail