Most of us know spam when we see it, but seeing a strange email from a friend—or worse, from ourselves—in our inbox is pretty disconcerting. If you’ve seen an email that looks like it’s from a friend, it doesn’t mean they’ve been hacked. Spammers spoof those addresses all the time, and it’s not hard to do.
Over 95% of email sent over the internet consists of unwanted email: “spam”. Most spam uses spoofed addresses. If your domains are being used in spam messages, spammers may be taking advantage of your users to:
- Steal their credentials by sending “phishing” messages.
- Trick them into falling for online scams by abusing the trust they have in your site.
- Spread malware by sharing malicious attachments.
Email spoofing is one of the most common forms of cybercriminal activity. It underpins the mechanism required to conduct hacking activities such as spear phishing and business email compromise, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether they know it or not.
Display name deception is the most common form of email spoofing and is often successful because many email clients (especially on mobile devices) show only the display name. With this kind of attack, criminals can insert the identity of a trusted individual (such as the name of an executive of the targeted company) or a trusted brand (such as the name of the bank used by the targeted individual) into the display name. Since common consumer mailbox services such as Gmail and Yahoo allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service.
Throughout the past few years, there has been an increase in business email compromise attacks, which typically spoof CEO and CFO email addresses to initiate wire transfers. Recent research from the Agari Cyber Intelligence Division indicates that this tactic is also being used to request small-dollar gift cards for charity events or to reward staff for their work. In these cases, the email is typically coming from an executive at the organization and is directed to either an executive assistant or to junior employees in his or her department.
This type of an attack is commonly paired with malware with banking virus’s like:
Code Red, One of the most well-known viruses to date is the Code Red virus. It caused over $2 billion in damages in 2001, and had the ability to break into computer networks and exploit weaknesses in Microsoft software. Once the virus infected the machine, it actively looked for other machines on the networks to attack.
And there has been tons of these over times Zeus, Spyeye, Zitmo, just to name a few
Stop Spam today helps to put an end to these emails by blocking them before they even arrive in your mailbox. Don’t be fooled. Get Stop Spam today, includes risk free 30-day trial