Email Spoofing Archives – Gridinsoft Blog

How to Prevent Email Spoofing
https://gridinsoft.com/blogs/prevent-email-spoofing/
Fri, 19 Jul 2024 15:20:27 +0000

Types of Email Spoofing

Email spoofing, also known as spoofing email, involves forging the sender’s email address. Often, the address in the sender’s field is fake; any responses sent to this address will likely reach a third party. The primary goal of this scam is to deceive the user.

Fraudsters deploy a variety of tactics to execute a successful spoofing attack. Below, we explore the most common methods they use.

1. Sharing a Similar Domain

To successfully spoof an email, fraudsters meticulously imitate sender addresses that appear similar to those of well-known organizations or companies. They typically:

  • Alter the top-level domain, for example, from support@spotify.com to support@spotify.co
  • Change the domain to include a country code, for example, support@spotify.com.ru
  • Modify a single character in the domain name, turning support@spotify.com into support@spatify.com
  • Use a variant of the domain that still references the brand, such as support@spotifyinfo.com
  • Create an email address that incorporates the company’s name, like support.spotify@gmail.com

2. Substituting the Sender’s Name

This tactic involves falsifying the sender’s name, with the “From” and “Reply-To” headers displaying the fraudster’s address instead. This method is particularly prevalent on mobile mail clients, which typically only display the sender’s name. Fraudsters may use:

  • Misleading variations of the company’s name.
  • Fabricated names paired with deceptive email addresses.

Imagine that you receive an email like this:

[Image: Preventing Email Spoofing - Example 1]

Notice that all fields are correct, but the From and Reply-To fields are not. When Dude1 receives this email, he may think it’s from his boss. When he hits “Reply,” all he’ll see in the To: field is the name “BossMan,” but it will actually go back to his friend who spoofed the email, Dude2.

3. Changing the Values of the From and Reply-To Fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge addresses in the From and Reply-To fields without being noticed. As a result, they are unlikely to be caught, since a forged header looks almost identical to a genuine one.
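The checks below are an added example, not code from the original post: they flag the three tactics described above (a lookalike domain, a familiar display name on an unfamiliar address, and a Reply-To that points elsewhere) in a received message. The sample message, the `DIRECTORY` of known contacts, the `corp.example` domain and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the BossMan / Dude1 / Dude2 scenario above.
SAMPLE = """\
From: BossMan <dude2@freemail.example>
Reply-To: BossMan <dude2@freemail.example>
To: Dude1 <dude1@corp.example>
Subject: Need this today

Please send me the report.
"""

# Hypothetical address book: display name (lower case) -> genuine address.
DIRECTORY = {"bossman": "bossman@corp.example"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(address, trusted_domain):
    """Return why `address` imitates `trusted_domain`, or None if it does not."""
    local, _, domain = address.lower().rpartition("@")
    trusted_domain = trusted_domain.lower()
    if domain == trusted_domain or domain.endswith("." + trusted_domain):
        return None  # the genuine domain or one of its subdomains
    # Simplification: the first label of the trusted domain is taken as the brand.
    brand = trusted_domain.split(".")[0]
    labels = domain.split(".")
    if brand in labels:
        return "brand label under a different suffix"
    if any(edit_distance(label, brand) == 1 for label in labels):
        return "one character away from the brand"
    if any(brand in label for label in labels):
        return "brand embedded in a longer domain label"
    if brand in local:
        return "brand only in the local part"
    return None


def spoof_indicators(raw_message, directory, trusted_domain):
    """List the spoofing signs found in the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Tactic 2: a name the recipient knows, shown over someone else's address.
    known = directory.get(from_name.strip().lower())
    if known and known.lower() != from_addr.lower():
        findings.append("display name matches a known contact but the address does not")
    # Tactic 3: replies are silently redirected to another domain.
    from_domain = from_addr.rpartition("@")[2].lower()
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # Tactic 1: the sending domain imitates the trusted one.
    reason = lookalike_reason(from_addr, trusted_domain)
    if reason:
        findings.append("From address imitates trusted domain: " + reason)
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE, DIRECTORY, "corp.example"):
        print(finding)
```

These header checks complement SPF, DKIM and DMARC rather than replace them: a lookalike domain can publish valid records of its own and still pass authentication.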

Protection from Email Spoofing

To effectively guard against email spoofing, it’s essential to configure email security protocols such as SPF, DKIM, and DMARC. Below, you’ll find step-by-step guides on how to set up these protocols for popular email platforms:

1. Setting Up SPF (Sender Policy Framework)

SPF helps to verify that incoming mail from a domain comes from a host authorized by that domain’s administrators.

  • Gmail: Go to the Google Admin console, navigate to ‘Domains’, and then ‘Add a domain or a domain alias’. Add the SPF record in your DNS settings: v=spf1 include:_spf.google.com ~all
  • Outlook: In the Microsoft 365 admin center, go to ‘Settings’ → ‘Domains’, select your domain, and add the SPF record to your DNS settings: v=spf1 include:spf.protection.outlook.com -all

2. Implementing DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing the receiver to verify that an email was indeed sent and authorized by the owner of the sending domain. Setting up DKIM correctly can help prevent email spoofing by verifying the authenticity of the sender. Here’s how to set up DKIM for Gmail and Outlook:

Implementing DKIM for Gmail:

To configure DKIM for Gmail, use the following steps:

  1. Sign in to the Google Admin console.
  2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
  3. Select the domain for which you want to set up DKIM and click GENERATE NEW RECORD. You might see this option only if you haven’t already set up DKIM for your domain.
  4. Choose a key length of 2048 bits for better security (1024 bits is also available but less secure).
  5. After generating the DKIM key, Google will provide you with a TXT record to add to your domain’s DNS. It will look something like this:
    google._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq...AB"

    This is your public key.

  6. Add this record to your DNS settings at your domain host. Keep in mind that DNS propagation can take up to 48 hours.
  7. Once the DNS has propagated, return to the Admin console and click START AUTHENTICATION.

When DKIM is set up correctly, Gmail will sign outgoing emails automatically, allowing recipient servers to verify their authenticity.

Implementing DKIM for Outlook:

For users of Microsoft 365 or Outlook, the setup process involves similar steps:

  1. Login to the Microsoft 365 Defender portal.
  2. Go to Email & collaboration → Policies & rules → Threat policies → DKIM.
  3. Choose the domain you wish to enable DKIM for and click Enable.
  4. If no DKIM keys exist, Microsoft will prompt you to create them. Click on Create to generate the keys.
  5. Microsoft will then provide two CNAME records to add to your domain’s DNS. These records delegate the DKIM signing authority to Microsoft. They typically look like this:
    selector1._domainkey.YOURDOMAIN.com CNAME selector1-YOURDOMAIN-com._domainkey.YOURDOMAIN.onmicrosoft.com
    selector2._domainkey.YOURDOMAIN.com CNAME selector2-YOURDOMAIN-com._domainkey.YOURDOMAIN.onmicrosoft.com
  6. Add these CNAME records to your DNS. Again, allow up to 48 hours for DNS changes to take effect.
  7. Once DNS propagation is complete, go back to the Defender portal and confirm the DKIM status to ensure it is active.

Implementing DKIM for your domain significantly improves your email security by enabling email authenticity verification at the recipient’s end.

3. Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, helping email receivers determine if a given message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle these discrepancies. Here’s a step-by-step guide to setting up DMARC:

Understanding DMARC Policy:

Before setting up DMARC, you need to understand the policies you can apply:

  • None: This policy allows all emails, regardless of authentication status, to be delivered (used for monitoring and reporting purposes).
  • Quarantine: Emails that fail DMARC authentication will be moved to the spam folder or a similar location.
  • Reject: Fully blocks delivery of emails that fail DMARC authentication.

Steps to Configure DMARC:

  1. Create a DMARC record: A DMARC policy is published as a DNS TXT record. The typical format of a DMARC record looks like this:
    v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

    In this example, ‘p=none’ specifies the policy, and ‘rua’ indicates where aggregate reports of DMARC failures will be sent.

  2. Choose Your Policy: Decide which policy (none, quarantine, reject) fits your needs based on your security posture and the maturity of your SPF and DKIM setups.
  3. Specify Email Reporting: Determine where you want reports of pass/fail to be sent. These reports are crucial for understanding the types of attacks targeting your domain and observing how your emails are being received on the internet. Use ‘rua’ for aggregate reports and ‘ruf’ for forensic reports:
    rua=mailto:aggregate@yourdomain.com; ruf=mailto:forensic@yourdomain.com
  4. Publish the DMARC Record: Add the DMARC TXT record to your domain’s DNS. This is similar to adding SPF or DKIM records. You typically enter the record into your DNS management dashboard.
  5. Monitor and Adjust: After implementing DMARC, monitor the reports you receive and adjust your policy as needed. Initially starting with a ‘none’ policy and moving to ‘quarantine’ or ‘reject’ as you confirm that legitimate emails are passing SPF and DKIM checks is a common approach.

Additional DMARC Tags:

DMARC records can include several optional tags to refine their operation:

  • aspf: Alignment mode for SPF (strict or relaxed).
  • adkim: Alignment mode for DKIM (strict or relaxed).
  • fo: Forensic options to specify conditions under which forensic reports should be generated.
  • rf: The format to be used in forensic reports.
  • ri: Reporting interval for how often you want to receive the aggregate reports.
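A DMARC record can be reviewed before it is published. The following is an added example, not part of the original post: it parses a record into its tags, checks the policy and reporting addresses, and reports the effective alignment modes and reporting interval. The function names are assumptions; the defaults (relaxed alignment, `ri=86400`) come from the DMARC specification, RFC 7489.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r": "relaxed", "s": "strict"}


def parse_dmarc(record):
    """Split a DMARC TXT value into an ordered tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags


def review_dmarc(record):
    """Return (effective settings, findings) for one DMARC record."""
    tags = parse_dmarc(record)
    findings = []
    # The version tag has to come first, otherwise receivers ignore the record.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append(f"p must be none, quarantine or reject, got {policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    # rua and ruf hold comma-separated report destinations.
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri and not uri.lower().startswith("mailto:"):
                findings.append(f"{tag} entry is not a mailto: URI: {uri}")
    if "rua" not in tags:
        findings.append("no rua tag, so no aggregate reports will arrive")
    effective = {"policy": policy}
    # aspf and adkim default to relaxed alignment when absent.
    for tag in ("aspf", "adkim"):
        mode = tags.get(tag, "r").lower()
        if mode not in ALIGNMENT:
            findings.append(f"{tag} must be r or s, got {mode!r}")
            mode = "r"
        effective[tag] = ALIGNMENT[mode]
    # ri is the aggregate report interval in seconds; the default is one day.
    ri = tags.get("ri", "86400")
    if not ri.isdigit():
        findings.append(f"ri must be a number of seconds, got {ri!r}")
        ri = "86400"
    effective["ri_seconds"] = int(ri)
    return effective, findings


if __name__ == "__main__":
    # The first record is the one shown above; the second is constructed.
    for rec in ("v=DMARC1; p=none; rua=mailto:admin@yourdomain.com",
                "p=quarantine; v=DMARC1; rua=admin@yourdomain.com"):
        print(rec, "->", review_dmarc(rec))
```

The record itself is published as a TXT record at `_dmarc.yourdomain.com`.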

How to Stop and Block Spam Emails
https://gridinsoft.com/blogs/avoid-spam-email/
Thu, 04 Jul 2024 12:32:03 +0000

Spam refers to the flood of unwanted emails that clutter your inbox, often from unknown and dubious sources. These emails not only waste your time but can also pose serious security threats by attempting to install malware or steal your personal information. Spam has been a nuisance since the early days of the Internet, making it a persistent problem to tackle. This is why it’s crucial to understand the benefits of using malware protection to safeguard your data.

How can you identify a suspicious email as “Spam”? What steps can you take to protect your computer from potential spam infections? Is it safe to open such emails?

In this article, we will address all these questions, helping you decipher the overwhelming number of mysterious emails in your inbox, understand their origins, and provide practical tips to avoid falling prey to spam emails.

How to Identify Spam Emails

If you have never heard of this type of message or have not yet had to deal with spam, here are some signs to look for:

  • Check the sender’s address. Look carefully at the sender’s address bar. If it contains an incomprehensible set of letters and numbers, move the cursor over the address to see it in full. If it looks suspicious, enter it into a search engine and try to find information about this address.
  • Consider what is being requested. Large companies will not ask you for personal information, registration, bank account numbers, insurance details, or other confidential data. If you can see a plausible reason why this service or company would ask, that is one thing, but if the request looks out of place, do not fall for it: it is spam!
  • Be careful if the message creates a sense of urgency. Do not fall for phrases such as “Urgently,” “does not require a delay,” and the like. The intruders are trying to put pressure on you in this way. They want these headlines to push you into making decisions quickly and rashly.
  • Check whether the email uses your name. A company that sends you an email will probably know your details, at least your first and last name. Phrases such as “Dear Customer” or “Dear Reader” should make you doubt the email’s legitimacy.
  • Check grammar and spelling. Strange wording, misspelled words, and a lack of structure can indicate that something is wrong.

Fraudsters send out a huge number of letters simply to keep their ads in front of you, and sometimes this is enough for them to achieve their intended goal.

Examples of Spam Emails

Spam emails come in different types; you need to know them and understand where you may encounter them.

  • Spoofed emails – in this case, the attacker attempts to deceive you by impersonating a different person in order to steal confidential data.
  • Ads – the most common form of spam. These are often scams, although sometimes they advertise an actual product.
  • Malware warnings – these messages urge you to click on a predefined link to protect your PC from malware.
  • Money scams – in this case, scammers posing as volunteers and do-gooders try to deceive you into giving them money.
  • Over-the-top promises – you have probably seen these often on the Internet. They are promises of quick winnings, fast weight loss, big payouts, and other lies.
  • Forced or accidental subscriptions – you have probably bought something on the Internet and know that after the purchase you are offered a subscription to a newsletter about new updates. But some companies do this secretly; after the purchase, you are automatically subscribed to a hundred emails from them.
  • Chain letters – made-up messages that put psychological pressure on you by warning that something will happen to you.

How to Stop Spam Emails

If your Inbox is already crowded, making it difficult to navigate and understand where messages come from and why, follow these steps to rid yourself of the massive number of spam emails:

  1. Report the email as spam. Use your email provider’s option to mark emails as spam. This helps improve spam filters and keeps your inbox clean.
  2. Block spam email addresses. Block addresses that frequently send you spam. This prevents further emails from those addresses from reaching your inbox.
  3. Use an email alias. Create an alias for situations where you might not want to share your main email address. This helps protect your primary inbox from spam.
  4. Change your email privacy settings. Adjust your email privacy settings to limit who can send you emails and prevent your address from being publicly accessible.
  5. Unsubscribe from unwanted newsletters or mailing lists. Use the unsubscribe link typically found at the bottom of newsletters and marketing emails to stop receiving them.
  6. Check if your email is on the dark web. Use services that can check if your email address has been compromised or is being circulated on the dark web.
  7. Use SPF and DKIM email authentication. Ensure your email provider uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate emails and reduce spam.

Report the Email as Spam

Reporting spam emails helps improve the spam filters of your email provider and reduces the amount of spam you receive. Here’s a step-by-step guide on how to report an email address that is sending spam:

Gmail

  1. Open Gmail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Report spam” from the dropdown menu.
  5. A confirmation message will appear. Click “Report spam” again to confirm.

Outlook

  1. Open Outlook and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three horizontal dots (More actions) in the top-right corner of the email.
  4. Select “Mark as junk” from the dropdown menu.
  5. Confirm by clicking “Report” in the pop-up window.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three horizontal dots (More) in the top-right corner of the email.
  4. Select “Report spam” from the dropdown menu.
  5. Confirm by clicking “Report” in the pop-up window.

Apple Mail (iCloud)

  1. Open Apple Mail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the Flag icon at the top of the email.
  4. Select “Move to Junk” from the dropdown menu.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Mark as spam” from the dropdown menu.

Block Spam Email Addresses

Blocking spam email addresses prevents further emails from those addresses from reaching your inbox. Here’s a step-by-step guide on how to block an email address:

Gmail

  1. Open Gmail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Block [sender’s name]” from the dropdown menu.
  5. Click “Block” again in the confirmation box.

Outlook

  1. Open Outlook and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three horizontal dots (More actions) in the top-right corner of the email.
  4. Select “Block [sender’s name]” from the dropdown menu.
  5. Confirm by clicking “OK” in the pop-up window.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three horizontal dots (More) in the top-right corner of the email.
  4. Select “Block sender” from the dropdown menu.
  5. Confirm by clicking “OK” in the pop-up window.

Apple Mail (iCloud)

  1. Open Apple Mail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the sender’s name or email address at the top of the email.
  4. Select “Block Contact” from the dropdown menu.
  5. Confirm by clicking “Block” in the pop-up window.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Block sender” from the dropdown menu.

Use an Email Alias

Using an email alias can help protect your primary email address from spam and keep your inbox organized. Here’s a step-by-step guide on how to create and use an email alias:

Gmail

  1. Open Gmail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “See all settings”.
  3. Go to the “Accounts and Import” tab.
  4. In the “Send mail as” section, click “Add another email address”.
  5. Enter your alias email address and click “Next Step”.
  6. Verify the alias by following the instructions sent to the alias email address.
  7. To use the alias when composing an email, click on the “From” field in the compose window and select your alias email address.

Outlook

  1. Open Outlook and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “View all Outlook settings”.
  3. Go to “Email” and then “Sync email”.
  4. In the “Manage or choose a primary alias” section, click “Add email”.
  5. Select “Create a new email address and add it as an alias” and enter your desired alias.
  6. Click “Add alias” and follow the verification steps.
  7. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “More Settings”.
  3. Go to the “Mailboxes” tab.
  4. In the “Email alias” section, click “Add”.
  5. Enter your desired alias and click “Set up”.
  6. Verify the alias by following the instructions sent to your primary email address.
  7. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Apple Mail (iCloud)

  1. Open iCloud.com and sign in with your Apple ID.
  2. Click on “Mail” and then the gear icon in the lower-left corner.
  3. Select “Preferences” and go to the “Accounts” tab.
  4. Click on “Add an alias”.
  5. Enter your desired alias, full name, and label, then click “OK”.
  6. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “Go to settings”.
  3. Go to the “Addresses/Users” tab.
  4. Click on “Add address”.
  5. Enter your desired alias and follow the on-screen instructions to verify and set up the alias.
  6. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Check if Your Email is on the Dark Web

Checking if your email is on the dark web can help you take proactive measures to protect your information. Here’s a step-by-step guide on how to check if your email is compromised:

Using Have I Been Pwned

  1. Open your web browser and go to the Have I Been Pwned website.
  2. Enter your email address in the search bar and click on “pwned?”.
  3. Review the results to see if your email address has been compromised in any data breaches.
  4. If your email is found, the site will list the breaches and provide details about what information was exposed.

Using Your Email Provider’s Security Features

  1. Log in to your email account (Gmail, Outlook, Yahoo, etc.).
  2. Go to the security or privacy settings.
  3. Look for an option that checks if your email is compromised or if there are any suspicious activities. Some providers have built-in features to alert you if your email is found on the dark web.
  4. Follow the on-screen instructions to check your email’s security status.

Using Third-Party Services

Several third-party services can help you check if your email is on the dark web. Here are a few reliable options:

  • Identity Guard: Offers dark web monitoring as part of their identity theft protection services.
  • Experian Dark Web Scan: A free tool provided by the credit reporting agency Experian.

Steps to Take if Your Email is Found on the Dark Web


  • Change Your Passwords: Immediately change the passwords for your compromised email account and any other accounts that use the same password.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA on your accounts.
  • Monitor Your Accounts: Keep a close eye on your email and other accounts for any suspicious activity.
  • Use a Password Manager: Use a password manager to generate and store strong, unique passwords for each of your accounts.
  • Consider Identity Theft Protection: Enroll in an identity theft protection service for ongoing monitoring and support.

Use SPF and DKIM Email Authentication

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help protect your domain from email spoofing and ensure that your emails are delivered securely. Here’s a step-by-step guide on how to use SPF and DKIM:

Setting Up SPF

1. Access Your Domain’s DNS Settings:
  • Log in to your domain registrar or hosting provider’s control panel.
  • Navigate to the DNS settings or DNS management section.
2. Create an SPF Record:
  • Add a new TXT record to your DNS settings.
  • In the Name field, enter @ or leave it blank (depending on your provider).
  • In the Type field, select TXT.
  • In the Value field, enter your SPF record. A typical SPF record looks like this:
    v=spf1 include:_spf.google.com ~all
    This example allows Google to send emails on your behalf. Modify the value based on your email provider’s recommendations.
  • Save the changes.
3. Verify the SPF Record:

Use an SPF validation tool, such as MXToolbox or SPF Record Checker, to verify your SPF record is set up correctly.
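The SPF records shown on this page end in either `~all` (Gmail) or `-all` (Outlook). The following added example, not part of the original post, reviews an SPF record offline: it reports what the `all` term tells receivers, counts the terms that trigger DNS queries against the limit of 10 set by RFC 7208, and checks that a domain publishes only one SPF record. Function names and the merged sample record are assumptions; lookups made inside included records are not followed.

```python
import re

# Terms that make the receiver perform a DNS query (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10


def review_spf(record):
    """Return (summary, findings) for one SPF TXT value, without DNS queries."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return {"all": None, "lookups": 0}, ["record must start with v=spf1"]
    findings, lookups, all_result, has_redirect = [], 0, None, False
    for term in terms[1:]:
        # A term without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term.lstrip("+-~?").lower()
        match = re.match(r"[a-z][a-z0-9]*", body)
        name = match.group(0) if match else body
        if all_result is not None:
            findings.append(f"'{term}' comes after 'all' and is never evaluated")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "ptr":
            findings.append("ptr is slow and unreliable; RFC 7208 advises against it")
        if name == "all":
            all_result = QUALIFIERS[qualifier]
    if all_result == "pass":
        findings.append("+all authorizes every host to send as this domain")
    elif all_result == "neutral":
        findings.append("?all gives receivers no verdict on unlisted hosts")
    elif all_result is None and not has_redirect:
        findings.append("no 'all' term: unlisted hosts get a neutral result")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of {MAX_LOOKUPS} (permerror)")
    return {"all": all_result, "lookups": lookups}, findings


def review_domain_txt(txt_values):
    """Check all TXT values at a domain: exactly one of them may be SPF."""
    spf = [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return None, [f"expected exactly one v=spf1 record, found {len(spf)}"]
    return review_spf(spf[0])


if __name__ == "__main__":
    gmail = "v=spf1 include:_spf.google.com ~all"
    outlook = "v=spf1 include:spf.protection.outlook.com -all"
    # Publishing both provider records side by side is an error ...
    print(review_domain_txt([gmail, outlook]))
    # ... so a domain that sends through both merges them (constructed record).
    merged = "v=spf1 include:_spf.google.com include:spf.protection.outlook.com -all"
    print(review_domain_txt([merged]))
```

With `~all` a receiver treats unlisted hosts as a soft failure and usually still accepts the mail, while `-all` asks it to treat them as a hard failure.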

Setting Up DKIM

1. Generate a DKIM Key Pair:
  • Log in to your email service provider’s control panel (e.g., Google Workspace, Office 365).
  • Navigate to the DKIM settings section and generate a DKIM key pair (public and private keys).
2. Add the DKIM Public Key to Your DNS:
  • Log in to your domain registrar or hosting provider’s control panel.
  • Navigate to the DNS settings or DNS management section.
  • Add a new TXT record for DKIM.
  • In the Name field, enter the DKIM selector and your domain name. It often looks like this: google._domainkey.yourdomain.com.
  • In the Type field, select TXT.
  • In the Value field, paste the DKIM public key provided by your email service provider. It looks something like:
    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa...
  • Save the changes.
3. Enable DKIM Signing:
  • Go back to your email service provider’s control panel.
  • Navigate to the DKIM settings section.
  • Enable DKIM signing for your domain. This will ensure outgoing emails are signed with the private key.
4. Verify the DKIM Record:

Use a DKIM validation tool, such as MXToolbox or DKIM Record Checker, to verify your DKIM record is set up correctly.

Monitoring and Maintenance

  1. Regularly Check Your DNS Records: Ensure your SPF and DKIM records are up-to-date and correctly configured.
  2. Monitor Email Deliverability: Use email deliverability tools to monitor how well your emails are being delivered and check for any issues related to SPF or DKIM.
  3. Update Records as Needed: If you change email providers or add new sending sources, update your SPF and DKIM records accordingly.

“Your Account Has Been Locked”: Top 5 Signs of a Phishing Scam
https://gridinsoft.com/blogs/phishing-top-5-signs/
Tue, 19 Jul 2022 13:44:09 +0000

This article explains how to understand that you have become a victim of a phishing attack. Below, you will learn what the phrase in our title refers to. You may be surprised by the name, or maybe not. In any case, we will give a clear definition of phishing attacks and then consider the most common signs of them.

What is a phishing scam? It is an attack carried out by an attacker on a user using a form of social engineering. It often occurs through emails, text messages, and calls with a specific structure and a fraudulent motive through which the fraudster attempts to influence the victim and get what he wants. What the fraudster wants includes passwords and account data, as well as the chance to distribute malware.

If you pay attention to your privacy, you will likely notice such emails in your inbox. At the bottom, there is often a demand to urgently click on a link or to confirm a login that you did not initiate. So, what should you do if you fall for a phishing scam?

Five signs of a phishing scam

Below we list the five most common signs of a phishing scam, so that you will be able to protect yourself from such deception. It is very important to be able to identify it correctly, as threat actors apply very sly tactics. In the case of spear phishing, for example, they can counterfeit the email you are waiting for – and make you trust them.

1. Identity verification in your email

Everyone has seen this at least once in their life. Each user has an account – in a bank, online store, or social network – that is tied to an email address. Scammers use this as bait to carry out a successful phishing attack on the user.

[Image: An example of an identity verification email scam]

They disguise their messages as coming from a company or bank that you know, saying they urgently need to confirm your identity for a background check or a similar reason. In this case, you need to be very attentive and consider whether you were expecting any message from your company or bank relating to your account. If you doubt the legitimacy of such a confirmation request, it is better to log in to your account through the official application or website of the bank or company and check whether any such issue exists.

2. Addresses or links to a website do not look authentic

Fraudsters take great care to make their addresses imitate the actual addresses of real organizations. At first glance, these addresses may seem quite similar to the ones banks or companies use to contact you. But if you look closely, you can see that something is wrong with the name. The addresses look similar but are never the same as the official sender’s.

[Image: The sender’s email is not even similar to the real Geek Squad support’s one]

The content of a letter can also be malicious. For example, the danger can be in the links inside the message body. Clicking on them will take you to a malicious site where you’ll likely see a phishing form or a malicious offer. To avoid this, hover over the links and check their actual address.

3. Poor spelling and illiteracy of the writing itself

Read the letter carefully before agreeing to anything you see or read. The presence of gross grammatical and spelling errors should give you an idea of the legitimacy of this letter. Major sites, stores, banks, and companies will protect their reputations and avoid minor missteps. It is their image in the customers’ eyes, so they are interested in taking care of their visuals.

[Image: Poor grammar in the email is a sign of a counterfeit]

Read carefully everything you see, and look at the structure, whether there is a greeting, the central part, and a logical ending. That way, you can determine if the letter is genuine.

4. Suspicious attachment

If you receive an email with an attachment that you are asked to open, check it carefully. Scanning the attached file with an antivirus is a good idea. At the very least, you should be on the alert when you see an offer to enable macros in the document. Through such attachments, fraudsters often try to distribute malicious URLs that lead to the installation of Trojans and malware on your device.

[Image: Malicious attachment in this message contains spyware]

5. The purpose of the phishing message is to make you panic.

Here we return to our main slogan of the article – “Your account is blocked”. Yes, this is also one of the features of phishing scams. Malefactors use such phrases to drive users into a panic. It is a psychological technique so that the user does not have time to think clearly. In a panic, you go to the link or enter the info to the attached form, and thereby compromise their data.

The classic extortion letter that tries to scare the victim

They can add a list of frightening phrases – “your computer is infected,” “we leaked your data”, and others like that. To check whether these threats are real, log in to your accounts through official sources, not through the ones you see in the letter. Since such notifications can occasionally be genuine, you should verify the authenticity of each threat.

11 Types of Spoofing Attacks https://gridinsoft.com/blogs/types-of-spoofing-attacks/ Thu, 09 Jun 2022 13:19:12 +0000
Spoofing is a kind of cybercrime in which attackers impersonate a trusted source, such as a trusted contact, to gain access to confidential information or steal data, whether personal or professional. In addition to threatening your data privacy, spoofing attacks can damage the reputation of the brand or person the attackers are impersonating, sometimes making it difficult to regain their former prominence.

Types of Spoofing Attacks

For attacks to be successful, hackers can spoof many things: an IP address, a web page, a phone number, a login form, a GPS location, an email address, a text message, and even a face. Some of these actions rely on human error, while others rely on the use of hardware or software flaws. Of all the scenarios that fit the form of a spoofing attack, the following are the most common these days.

1. ARP Spoofing

This is a reasonably common man-in-the-middle attack technique. The cybercriminal floods the local network with forged Address Resolution Protocol (ARP) packets, thus disrupting the normal traffic routing process. The aim is to map the adversary’s MAC address to the IP address of the target LAN’s default gateway. As a result, all traffic is redirected to the attacker’s computer before reaching its destination. In addition, the attacker can change the data before forwarding it to the actual recipient or interrupt all network communications. ARP spoofing can also serve as a launching pad for DDoS attacks.
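A defender can spot this remapping by watching for ARP replies that contradict an earlier IP-to-MAC binding. The sketch below is an added example, not code from the original article; the function names, the first-seen trust rule and the sample replies (documentation addresses) are assumptions made for illustration.

```python
"""Flag ARP replies that contradict an earlier IP-to-MAC binding."""
from collections import defaultdict

# Constructed sample of (timestamp, sender IP, sender MAC) from ARP replies.
# 192.0.2.1 stands in for the default gateway; all values are documentation
# addresses, not data from the article.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.0.2.1", "00:00:5E:00:53:01"),
    (1.2, "192.0.2.10", "00:00:5e:00:53:10"),
    (2.0, "192.0.2.20", "00:00:5e:00:53:20"),
    (5.0, "192.0.2.1", "00:00:5e:00:53:20"),  # gateway IP claimed by host .20
    (5.1, "192.0.2.1", "00-00-5E-00-53-20"),  # same claim, other notation
    (6.0, "192.0.2.10", "00:00:5e:00:53:10"),
]

GATEWAY_IP = "192.0.2.1"  # assumption: the defender knows the gateway address


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so equal MACs compare equal."""
    return mac.strip().lower().replace("-", ":")


def find_arp_conflicts(replies, gateway_ip=GATEWAY_IP):
    """Return one alert per (IP, new MAC) pair that contradicts the first binding.

    Assumption: the first binding observed for an IP is the legitimate one.
    Legitimate changes (NIC replacement, failover) also alert and need triage.
    """
    first_binding = {}             # ip -> MAC first seen for that ip
    ips_by_mac = defaultdict(set)  # mac -> every ip it has claimed
    reported = set()
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        ips_by_mac[mac].add(ip)
        expected = first_binding.setdefault(ip, mac)
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected_mac": expected,
                "seen_mac": mac,
                "is_gateway": ip == gateway_ip,
                # Other IPs the same MAC answers for: typical of an
                # ordinary host impersonating the gateway.
                "mac_also_claims": sorted(ips_by_mac[mac] - {ip}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```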

2. MAC Spoofing

In theory, every network adapter inside a connected device should have its own unique Media Access Control (MAC) address that cannot be found anywhere else. In practice, however, a clever hacker can change this. Using the shortcomings of some hardware drivers, an attacker can modify or spoof the MAC address. Thus, he masquerades as the device registered in the target network to bypass traditional access limiting mechanisms. In this way, he can impersonate a trusted user and perpetrate fraud such as business email compromise (BEC), data theft, or placement of malware in a digital environment.

3. IP Spoofing

In this case, the attacker sends Internet Protocol packets with a falsified source address. In this way, he hides the real online identity of the sender of the packet and thus pretends to be another computer. IP spoofing is also often used to launch DDoS attacks. It is difficult for the digital infrastructure to filter such fraudulent packets, given that each one comes from a different address, which allows the scammers to simulate legitimate traffic convincingly. In addition, this method allows bypassing authentication systems that use a device’s IP address as an important identifier.

4. DNS Cache Poisoning (DNS Spoofing)

The Domain Name System (DNS) is a kind of telephone book for the Internet. It turns familiar domain names into IP addresses that browsers understand and use to load web pages. Attackers can distort this mapping technology using the known weaknesses of DNS server caching. As a result, the victim risks navigating to a malicious copy of the intended domain. This is a good basis for phishing attacks that look very plausible.

5. Email Spoofing

Basic email protocols are pretty vulnerable and give an attacker opportunities to distort specific attributes of a message. One common vector of this attack is to change the header of an email. As a result, the sender’s address (displayed in the “From” field) appears to be real when, in fact, it is not. A hacker can take advantage of this mismatch and impersonate a trusted person, such as a senior executive, colleague, or contractor. The BEC scams mentioned above often rely on this exploitation, resorting to social engineering and manipulation so that the victim, without thinking, allows a fraudulent bank transfer to take place. The purpose of email spoofing is precisely to deceive the user without being exposed.
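Because the “From” header is free text, a receiving side can compare it with headers that are harder to fake. The following added example (not code from the original article) checks a constructed message for a Return-Path or Reply-To domain that does not match the From domain and for a DMARC verdict other than pass; the function names and the sample message are assumptions.

```python
"""Compare the visible From address with headers that are harder to fake."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain is a reserved example name.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Example Support" <support@example.com>
Reply-To: support@example-help.test
To: user@example.org
Subject: Your account is blocked

Please confirm your login details.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header ('' if none)."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def aligned(domain, from_domain):
    """True if domain equals the From domain or is one of its subdomains."""
    return domain == from_domain or domain.endswith("." + from_domain)


def spoofing_indicators(raw_message):
    """List the header-level signs that the From address may be forged."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []

    # The envelope sender often shows who really sent the message.
    return_path = domain_of(msg["Return-Path"])
    if return_path and not aligned(return_path, from_domain):
        findings.append("return-path-mismatch")

    # Replies going to another domain reach a third party.
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and not aligned(reply_to, from_domain):
        findings.append("reply-to-mismatch")

    # Only trust Authentication-Results added by your own receiving server.
    # SPF can pass for the envelope domain while DMARC, which is tied to
    # the From domain, still fails, as in the sample above.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    match = re.search(r"\bdmarc=(\w+)", auth.lower())
    verdict = match.group(1) if match else "missing"
    if verdict != "pass":
        findings.append("dmarc=" + verdict)
    return findings


if __name__ == "__main__":
    print(spoofing_indicators(SAMPLE_MESSAGE))
```

A Return-Path mismatch on its own is common for legitimate mail sent through third-party services, so treat it as a reason to look closer rather than as a verdict.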

6. Website Spoofing

A scammer may try to trick a victim into going to an “exact copy” of the website they usually use. Unfortunately, hackers are getting better and better at mimicking the layout, branding, and login forms. Combined with the DNS spoofing technique mentioned above, the trick becomes tough to spot. Still, website spoofing is not a perfect scheme. For maximum effect, the attacker has to send the victim a phishing email that prompts the recipient to click on the malicious link. Usually, criminals use such a scheme to steal authentication data or spread malware, which then gives them a backdoor into the corporate network. URL spoofing can also lead to identity theft.


7. Caller ID Spoofing

This is a rather old scheme, but it is still sometimes used today. In this scheme, the attacker uses loopholes in the functioning of telecommunications equipment, thereby fabricating data about the caller, which the victim sees on his phone screen. In addition to pranks, the attacker can use such techniques to forge the caller ID by posing as someone the victim knows or as a representative of a company with which the victim cooperates. Sometimes to increase the chances that the victim will answer the call, the information displayed on the smartphone display will include a well-known brand logo and physical address. This type of spoofing attack aims to get the victim to reveal personal information or pay non-existent bills.

8. Text Message Spoofing

Unlike the previous method, this one is not always used for fraudulent purposes. Today, companies use it to interact with their customers: it replaces the traditional phone number with an alphanumeric string (for example, the company name) when sending text messages. Unfortunately, scammers can also use this technology as a weapon. One variation on the text-message spoofing scam involves the scammer replacing the SMS sender’s identifier with a brand name the recipient trusts. This impersonation scheme can be the basis for targeted phishing, identity theft, and the increasingly frequent gift card scams targeting organizations.

9. File Extension Spoofing

Windows systems, by default, hide file extensions to streamline user experience. However, this feature also provides an opportunity for cybercriminals to distribute malware more easily. They often employ double extensions to mask a dangerous executable file as a harmless one. For instance, a file named Resume.docx.exe will misleadingly display as a standard Word document. Thankfully, most security programs actively detect such deceptions and alert users before they open these potentially harmful files.

10. GPS Spoofing

Today, users increasingly rely on geolocation services to avoid traffic jams or get to their destination. Unfortunately, cybercriminals may trick a target device’s GPS receiver so that it stops working correctly. Nation-states can use GPS spoofing to thwart intelligence gathering and sometimes even to sabotage other countries’ military installations. But businesses can also use it to their advantage. For example, a competitor can interfere with the navigator in the car of a CEO who is rushing to an important meeting with a potential business partner. As a result, the victim will make a wrong turn, get stuck in traffic, and be late for the meeting. This could interfere with a future deal.

11. Facial Spoofing

Facial recognition is now the basis of numerous authentication systems and is rapidly expanding. In addition to unlocking gadgets, the face could become a critical authentication factor for future tasks such as signing documents or approving wire transfers. Cybercriminals are bound to look for and exploit weaknesses in the Face ID implementation chain. Unfortunately, it’s pretty easy to do so now. For example, security analysts have demonstrated a way to fool the Windows 10 Hello facial recognition feature with an altered, printed user photo. Fraudsters with enough resources and time can detect and exploit such imperfections.

How to Avoid Spoofing?

Here are the main signs that you are being spoofed. If you encounter any of these, click “Close”, click the “Back” button, and close the browser.

  • There is no padlock symbol or green bar next to the address bar. All secure authoritative websites must have an SSL certificate, which means a third-party certificate authority (CA) has verified that the web address belongs to the entity. But it is worth noting that SSL certificates are now free and easy to obtain. So even though there may be a padlock on the site, it does not guarantee that it is the real deal. Just remember, nothing on the Internet is 100 percent safe.
  • The site does not use encryption. HTTP, aka Hypertext Transfer Protocol, is long obsolete. Legitimate websites always use HTTPS, an encrypted version of HTTP, when transmitting data back and forth. If you are on a login page and see “HTTP” instead of “HTTPS” in your browser’s address bar, think carefully before you type anything.
  • Use a password manager. It will automatically fill in your login and password on any legitimate website that you have saved in your password vault. But if you land on a phishing site, your password manager will not recognize the site and will not fill in the username and password fields for you – a clear sign that you are being spoofed.

How to Minimize the Risks of Spoofing Attacks?

The following tips will help you to minimize the risk of becoming a victim of a spoofing attack:

  • Turn on your spam filter. This will protect your mailbox from most fake newsletters.
  • Do not click on links or open email attachments if they come from an unknown sender. If there is a chance that the email is legitimate, contact the sender through another channel to verify that it is legitimate.
  • Log in via a separate tab or window. For example, if you receive an email or message with a link asking you to do something, such as log in to your account or verify your information, do not click the link provided. Instead, open another tab or window and go directly to the site. You can also sign in through the app on your phone or tablet.
  • Call back. If you receive a suspicious email, presumably from someone you know, call or write to the sender to be sure they sent the email. This is especially true if the sender makes an unusual request: “Hi, this is your boss. Can you buy ten iTunes gift cards and email them to me? Thank you.”
  • Show file extensions in Windows. You can change this by clicking the “View” tab in Explorer, then checking the box to show file extensions. This will in no way prevent crooks from spoofing file extensions, but you will be able to see the spoofed extensions and not open those malicious files.
  • Use a good antivirus program. For example, suppose you click on a dangerous link or attachment. In that case, a good antivirus program can warn you about the threat, stop the download, and prevent malware from entering your system or network. The most important rule is to remain vigilant. Always watch where you’re going, what you’re clicking on, and what you’re typing.

Extension spoofing strikes Spanish-speaking countries https://gridinsoft.com/blogs/extension-spoofing-spanish-speakers/ Tue, 07 Jun 2022 17:02:55 +0000
A good old form of malware disguise has recently resurfaced in several Spanish-speaking countries across the globe. Users report numerous cases of email attachments with spoofed file extensions that turn out to be coin miner trojans.

Massive outbreak of extension spoofing in email spam

Email spam is a malware distribution method that became very popular at the turn of the current decade. It was used earlier as well, but on a much smaller scale. It can serve different needs – from mass spamming without target selection to spear phishing against a corporation’s employees. In modern practice, email spam usually contains something that makes the victim believe the letter is legitimate. A background similar to the one used by FedEx and some routine boilerplate about an incoming delivery – and voilà – the user believes it. After gaining the victim’s trust, the senders try to trick them into following a link or opening the attached file. The latter usually contains malware; the former may lead the victim to a phishing page, or to an exploit site where crooks will try to install malware.

So, if attaching malware to email is nothing new, why pay attention to this wave? Hundreds of such campaigns happen each day, so they hardly seem noteworthy. What is peculiar about these attacks is that they use extension spoofing to disguise the attached file. That approach had not been seen for a long time, but it has popped up again.

What is extension spoofing?

Extension spoofing is a trick with file names that visually changes the file format. It relies on the default Windows settings for displaying file extensions. By default, you see only the file names, without extensions. When you view an open folder in list view mode, you will likely not see the file icons either. Therefore, a fake extension can be added to the end of the visible file name while the real extension, and thus the actual file type, stays unchanged.

Here is what extension spoofing looks like

For example, someone can create a batch script file and name it “tuxedo-cat.png.bat”. Users will see it as “tuxedo-cat.png”, but in fact it is a batch file that will run as soon as you try to open it. Moreover, low-skill users may easily miss the second extension, thinking that the first one is the real one. That trick is very old, but still effective – especially with the latest visual updates in Windows.

Who is under attack?

Most of the observed cases appear in Spanish-speaking countries. Users from Mexico, Chile, Ecuador and Spain itself reported receiving routine-looking emails with attached files. The attachments had names like “confiromidad entrega material ].xlsx.exe” or “resumenes info socioeco.xlsx.exe”. As you can see, the extension spoofing here takes its simplest form – the one you can uncover just by looking at the detailed information about the file. However, the victims were tricked by the file names, which were too similar to the documents they work with every day.

The example of the message with malicious attachment. This file mimics the legit MS Word file

The coin miner virus hides in those files. When you try to open such a file, thinking it is legitimate, you will see no effect. But in the background, the malware starts its nasty job. Coin miners, as the name suggests, exploit your hardware to mine cryptocurrencies. Unlike legitimate miners that you install yourself, these do not let you set how much hardware power they can use. You will see your CPU and GPU overloaded, so the PC will be barely operable.

How to prevent extension spoofing and email spam?

There is not a lot you can do about email spam as such. Mailing will remain possible as long as you have an active email account. However, you can do a lot to make the spam much less relevant and thus less believable.

  • Don’t spread any personal information. Crooks use it in spear phishing campaigns, which involve creating a very realistic disguise. To make their task impossible, just don’t share screenshots of your routine mail, information about your incoming shipments and so on.
  • Use separate email accounts for work mailing and for your personal needs. Seeing a work-related email in your personal mailbox can instantly show that you are looking at a fraudulent message. During the initial target reconnaissance, crooks will likely fail to determine that these accounts have different purposes.

Extension spoofing is much easier to prevent. There are techniques that allow crooks to mask a file more reliably, but they are rarely used these days. Most cases can easily be repelled with simple diligence.

  • Check the file extensions. That advice may sound like a truism; nonetheless, it would be a mistake to deny its effectiveness. Seeing doubtful things like “wallpaper.jpg.exe” or “report.xlsx.ps2” must trigger your vigilance.
  • Enable the display of extensions. By default, fresh Windows installations and new user profiles have file extensions hidden. That option makes the fraud possible, as I have shown you above. Enable it in File Explorer: go to View→Show→Show file extensions. That simple step is enough to uncover the tricks.

  • Use anti-malware software. There is no more effective and easy way to repel a malware attack than using an anti-malware solution. It is capable of monitoring incoming files even before you try to open them. Hence, cybercriminals who apply these tricks will have no chance.
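The extension check described here, and in the File Extension Spoofing item of the earlier list, can be automated for incoming mail. The following added example (not code from the original posts) parses a constructed message and reports each attachment’s full name, the name shown when extensions are hidden, and whether a document-style extension sits in front of a runnable one; the extension sets and function names are assumptions, and “informe.xlsx” is a made-up benign name.

```python
"""Report email attachments whose name hides a runnable extension."""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive sets chosen for this illustration.
RUNNABLE = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js", ".ps1"}
DECOY = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".png", ".jpg", ".jpeg"}


def classify_name(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    name = filename.strip().rstrip(".").lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem.strip())[1]
    if last in RUNNABLE:
        return "double-extension" if inner in DECOY else "executable"
    return "ok"


def shown_when_extensions_hidden(filename):
    """Name as it appears when the last extension is not displayed."""
    return os.path.splitext(filename)[0]


def scan_message(raw_bytes):
    """Return (full name, displayed name, verdict) for every attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        report.append(
            (fname, shown_when_extensions_hidden(fname), classify_name(fname))
        )
    return report


def build_sample():
    """Constructed message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Documentos"
    msg.set_content("Adjunto los documentos.")
    names = ("resumenes info socioeco.xlsx.exe", "tuxedo-cat.png.bat", "informe.xlsx")
    for fname in names:
        msg.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=fname,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    for full, shown, verdict in scan_message(build_sample()):
        print(f"{verdict:17} shown as {shown!r}, really {full!r}")
```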
