Monday, 10 March 2014

Email Spoofing

Email spoofing is the forgery of an Email header so that the message appears to have originated from someone or
somewhere other than the actual source.

 Distributors of spam often use spoofing in an attempt to get recipients
to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. There are so many ways to send the Fake Emails even without knowing the password of the Email ID. The Internet
is so vulnerable that you can use anybody's Email ID to send a threatening Email to any official personnel.


Methods to send fake emails 

1.Open relay server 

2.Web Scripts  

Fake emails:Open relay system 

 

An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol) server configured in such a way that it allows anyone on the Internet to send Email through it, not just mail destined ‘To’ or ‘Originating’ from known users.An Attacker can connect the Open Relay Server via Telnet and instruct the server to send the Email.Open Relay Email Server requires no password to send the Email 

Fake Emails: via web script 


 

Web Programming languages such as PHP and ASP contain the mail sending functions which can be used to send Emails by programming Fake headers i.e.” From: To: Subject:”There are so many websites available on the Internet which already contains these mail sending scripts. Most of them provide the free service. 
Some of Free Anonymous Email Websites are: 

1.Mail.Anonymizer.name (Send attachments as well) 

2.FakEmailer.net 

3.FakEmailer.info 

4.Deadfake.com 

5.Emkei.cz 

6.sendanonymousemail.net

7.Revengemail.net  

8.Fakemailgenerator.com(this one is used for getting fake identity) 

Spam and Worms 

 

Malware such as Klez and Sober and many more modern examples often search for email addresses within the computer they have infected, and use those addresses both as targets for email, but also to create credible forged From fields in the emails that they send, so that these emails are more likely to be opened. For example:
Dave is sent an infected email which he opens, running the worm code.
The worm code searches Dave's address book and finds the addresses of Ron and Lynda
From Dave's computer, the worm sends an infected email to Ron, but forged to appear to have been sent by Lynda.
In this case, even if Ron's system detects the incoming mail as containing malware, he sees the source as being Lynda - while Dave remains unaware of the actual infection.


E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.


 How Do I Recognize and Defend Against Spoof Emails? 



Like with any con game in life, your best defense is skepticism. If you don’t believe that the email is truthful, or that the sender is legitimate, then simply don’t click on the link and type your email address. If there is a file attachment, simply don’t open it, lest it contain a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information. 


 NOTE:=“Do not use this hack trick in any criminal activities and please do not destroy any ones account,
this is for educational purpose only”.





1 comment:

  1. I'm using AVG security for a couple of years, and I'd recommend this solution to all of you.

    ReplyDelete

About Me:

Hey,there! Myself Chinmay Deshmukh.I have cleared JEE mains and currently pursuing my BE in [IT]in Institute of Engineering and Technology...