Exploration of Email Spoofing

Since the beginnings of the internet, challenges of email spamming, spoofing and phishing targeting identity theft have significantly increased. Every person owning an email address is at risk of these attacks since they can reach to anyone as long as you live on this earth. Due to lack of information or knowledge about these techniques of attack, people are unaware of the proper ways of protecting themselves from these types of threats. However, there exist tools which can detect and protect users from the malicious attacks. The aim of this lab was to explore the several ways and tools that can be used to defending users.

Section I – Exploration

1.    Explore and discuss the process of spoofing email.

Spoofing involves an attacker sending an email (disguised address) looking the same as an authentic email coming from another address. The disguised address will be available in the ‘from’ part of the email header section in the receiver’s inbox. Spoofers or attackers use this trick for several reasons, for example, they use it to act against the anti-spamming laws where they protect their original email not to be associated with the spam so as they can extract data from users. Therefore the ‘from’ email address will look authentic and similar to a specific organization to the receiver, making him or her release personal critical information such as banking information and others.

2.    Which type of information can be spoofed?

The SMTP does not have authentication hence most information in the email header can be spoofed for example the sent and reply-to fields.

3.    Is it legal to hide/alter sender information?

The use of third-party servers or domain name for other companies without permission is prohibited in some states as provided by the established legislative laws.

Section II

1. The primary objective of phishing email messages is to steal an individual’s identity. They use different approaches such as asking you for personal data or directing you to call phone numbers or redirect to individual websites to register or share your data with them.

2. Using your best judgment will help you escape from becoming a victim of the phishing scam. Every financial organization has guiding policies, and no single one can contact its customers to ask for critical data. Currently, most organization have even informed their customers that they will never ask them for secret information and you should keep it by yourself.  If you found this suspicions emails, use the button “Report as junk” in your email program to delete it or report the case by sending the email to the US Federal Trade Commission at [email protected].

3. Email spoofing involves the forging of email headers to appear as if they originate from somewhere or someone ‘authentic’ other than the actual source. Spammers use the spoof approach to trick recipients to mistakably respond to their needs. Spoofing can be used legitimately for example; some senders can disguise their email addresses to report cases such as spouse mistreatment to a welfare agency or some individuals who are fearing of being retaliated. But be warned that it is illegal in some jurisdictions to spoof anyone other than yourself.

Section III-

This lab enabled us to learn what exactly happens in the process of email spoofing and the possible reasons as to why people would spoof emails. Moreover, it is to our shock that the way we did not consider the legality of spamming was different from the legal laws dealing with email spoofing. Almost everyone can or receives phished or spoofed emails even if they are hidden in their emails or filtered into the SPAM folder or an email program. Thus it is essential to classify the authentic and non-authentic emails to avoid loss of sensitive personal data.