Email spoofing is the forgery of an Email header so that the message appears to have originated from someone or
somewhere other than the actual source.
Distributors of spam often use spoofing in an attempt to get recipients
to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. There are so many ways to send the Fake Emails even without knowing the password of the Email ID. The Internet
is so vulnerable that you can use anybody's Email ID to send a threatening Email to any official personnel.
Malware such as Klez and Sober
and many more modern examples often search for email addresses within
the computer they have infected, and use those addresses both as targets
for email, but also to create credible forged From fields in the emails that they send, so that these emails are more likely to be opened. For example:
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.
Like with any con game in life, your best defense is skepticism. If you don’t believe that the email is truthful, or that the sender is legitimate, then simply don’t click on the link and type your email address. If there is a file attachment, simply don’t open it, lest it contain a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.
NOTE:=“Do not use this hack trick in any criminal activities and please do not destroy any ones account,
somewhere other than the actual source.
Distributors of spam often use spoofing in an attempt to get recipients
to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. There are so many ways to send the Fake Emails even without knowing the password of the Email ID. The Internet
is so vulnerable that you can use anybody's Email ID to send a threatening Email to any official personnel.
Methods to send fake emails
1.Open relay server
2.Web Scripts
Fake emails:Open relay system
An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol) server configured in such a way that it allows anyone on the Internet to send Email through it, not just mail destined ‘To’ or ‘Originating’ from known users.An Attacker can connect the Open Relay Server via Telnet and instruct the server to send the Email.Open Relay Email Server requires no password to send the Email
Fake Emails: via web script
Web Programming languages such as PHP and ASP contain the mail sending functions which can be used to send Emails by programming Fake headers i.e.” From: To: Subject:”There are so many websites available on the Internet which already contains these mail sending scripts. Most of them provide the free service.
Some of Free Anonymous Email Websites are:
1.Mail.Anonymizer.name (Send attachments as well)
2.FakEmailer.net
3.FakEmailer.info
4.Deadfake.com
5.Emkei.cz
6.sendanonymousemail.net
7.Revengemail.net
8.Fakemailgenerator.com(this one is used for getting fake identity)
Spam and Worms
- Dave is sent an infected email which he opens, running the worm code.
- The worm code searches Dave's address book and finds the addresses of Ron and Lynda
- From Dave's computer, the worm sends an infected email to Ron, but forged to appear to have been sent by Lynda.
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.
How Do I Recognize and Defend Against Spoof Emails?
Like with any con game in life, your best defense is skepticism. If you don’t believe that the email is truthful, or that the sender is legitimate, then simply don’t click on the link and type your email address. If there is a file attachment, simply don’t open it, lest it contain a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.
I'm using AVG security for a couple of years, and I'd recommend this solution to all of you.
ReplyDelete