Email spoofing, also known as spoofing email, involves forging the sender’s email address. Often, the address in the sender’s field is fake; any responses sent to this address will likely reach a third party. The primary goal of this scam is to deceive the user.

Fraudsters deploy a variety of tactics to execute a successful spoofing attack ¹. Below, we explore the most common methods they use.

1. Sharing a Similar Domain

To successfully spoof an email, fraudsters meticulously imitate sender addresses that appear similar to those of well-known organizations or companies. They typically:

• Alter the top-level domain, for example, from support@spotify.com to support@spotify.co
• Change the domain to include a country code, for example, support@spotify.com.ru
• Modify a single character in the domain name, turning support@spotify.com into support@spatify.com
• Use a variant of the domain that still references the brand, such as support@spotifyinfo.com
• Create an email address that incorporates the company’s name, like support.spotify@gmail.com

2. Substituting the Sender’s Name

This tactic involves falsifying the sender’s name, with the “From” and “Reply-To” headers displaying the fraudster’s address instead. This method is particularly prevalent on mobile mail clients, which typically only display the sender’s name. Fraudsters may use:

• Misleading variations of the company’s name.
• Fabricated names paired with deceptive email addresses.

Imagine that you receive an email like this:

Notice that all fields are correct, but the From and Reply-To fields are not. When Dude1 receives this email, he may think it’s from his boss. When he hits “Reply,” all he’ll see in the To: field is the name “BossMan,” but it will actually go back to his friend who spoofed the email, Dude2.

3. Changes the significance of the From and Reply-to fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge addresses in the From and Reply fields without being noticed. Thus, they have the privilege of not being caught, as a fake is almost no different from the original.

Protection from Email Spoofing

To effectively guard against email spoofing, it’s essential to configure email security protocols such as SPF, DKIM, and DMARC. Below, you’ll find step-by-step guides on how to set up these protocols for popular email platforms:

1. Setting Up SPF (Sender Policy Framework)

SPF helps to verify that incoming mail from a domain comes from a host authorized by that domain’s administrators.

• Gmail: Go to the Google Admin console, navigate to ‘Domains’, and then ‘Add a domain or a domain alias’. Add the SPF record in your DNS settings: v=spf1 include:_spf.google.com ~all
• Outlook: In the Microsoft 365 admin center, go to ‘Settings’ → ‘Domains’, select your domain, and add the SPF record to your DNS settings: v=spf1 include:spf.protection.outlook.com -all

2. Implementing DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) adds an encrypted signature to outgoing emails, allowing the receiver to verify that an email was indeed sent and authorized by the owner of the sending domain. Setting up DKIM correctly can help prevent email spoofing by verifying the authenticity of the sender. Here’s how to set up DKIM for Gmail and Outlook:

Implementing DKIM for Gmail:

To configure DKIM for Gmail, use the following steps:

1. Sign in to the Google Admin console.
2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
3. Select the domain for which you want to set up DKIM and click GENERATE NEW RECORD. You might see this option only if you haven’t already set up DKIM for your domain.
4. Choose a key length of 2048 bits for better security (1024 bits is also available but less secure).
5. After generating the DKIM key, Google will provide you with a TXT record to add to your domain’s DNS. It will look something like this:

   google._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq...AB"

   This is your public key.

6. Add this record to your DNS settings at your domain host. Keep in mind that DNS propagation can take up to 48 hours.
7. Once the DNS has propagated, return to the Admin console and click START AUTHENTICATION.

When DKIM is set up correctly, Gmail will sign outgoing emails automatically, allowing recipient servers to verify their authenticity.

Implementing DKIM for Outlook:

For users of Microsoft 365 or Outlook, the setup process involves similar steps:

1. Login to the Microsoft 365 Defender portal.
2. Go to Email & collaboration → Policies & rules → Threat policies → DKIM.
3. Choose the domain you wish to enable DKIM for and click Enable.
4. If no DKIM keys exist, Microsoft will prompt you to create them. Click on Create to generate the keys.
5. Microsoft will then provide two CNAME records to add to your domain’s DNS. These records delegate the DKIM signing authority to Microsoft. They typically look like this:
   selector1._domainkey.YOURDOMAIN.com CNAME selector1-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
selector2._domainkey.YOURDOMAIN.com CNAME selector2-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
6. Add these CNAME records to your DNS. Again, allow up to 48 hours for DNS changes to take effect.
7. Once DNS propagation is complete, go back to the Defender portal and confirm the DKIM status to ensure it is active.

Implementing DKIM for your domain significantly improves your email security by enabling email authenticity verification at the recipient’s end.

3. Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, helping email receivers determine if a given message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle these discrepancies. Here’s a step-by-step guide to setting up DMARC:

Understanding DMARC Policy:

Before setting up DMARC, you need to understand the policies you can apply:

Steps to Configure DMARC:

1. Create a DMARC record: A DMARC policy is published as a DNS TXT record. The typical format of a DMARC record looks like this:

   v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

   In this example, ‘p=none’ specifies the policy, and ‘rua’ indicates where aggregate reports of DMARC failures will be sent.

2. Choose Your Policy: Decide which policy (none, quarantine, reject) fits your needs based on your security posture and the maturity of your SPF and DKIM setups.
3. Specify Email Reporting: Determine where you want reports of pass/fail to be sent. These reports are crucial for understanding the types of attacks targeting your domain and observing how your emails are being received on the internet. Use ‘rua’ for aggregate reports and ‘ruf’ for forensic reports:

   rua=mailto:aggregate@yourdomain.com; ruf=mailto:forensic@yourdomain.com

4. Publish the DMARC Record: Add the DMARC TXT record to your domain’s DNS. This is similar to adding SPF or DKIM records. You typically enter the record into your DNS management dashboard.
5. Monitor and Adjust: After implementing DMARC, monitor the reports you receive and adjust your policy as needed. Initially starting with a ‘none’ policy and moving to ‘quarantine’ or ‘reject’ as you confirm that legitimate emails are passing SPF and DKIM checks is a common approach.

Additional DMARC Tags:

DMARC records can include several optional tags to refine its operation:

• aspf: Alignment mode for SPF (strict or relaxed).
• adkim: Alignment mode for DKIM (strict or relaxed).
• fo: Forensic options to specify conditions under which forensic reports should be generated.
• rf: The format to be used in forensic reports.
• ri: Reporting interval for how often you want to receive the aggregate reports.

The post How to Prevent Email Spoofing appeared first on Gridinsoft Blog.

How can you identify a suspicious email as “Spam”? What steps can you take to protect your computer from potential spam infections? Is it safe to open such emails?

In this article, we will address all these questions, helping you decipher the overwhelming number of mysterious emails in your inbox, understand their origins, and provide practical tips to avoid falling prey to spam emails.

How to Identify Spam Emails

If you have never heard of this type of message or have not encountered a particular moment with “Spam”, then we will tell you about some signs:

• Check the sender’s address. Look carefully at the sender’s address bar. If there is some incomprehensible set of letters and numbers, move the cursor to the address to see it in full. If he alerts you, enter him into the search engine and try to find something about this address.
• Follow the intended query. Think logically that large companies will not ask you for personal information, registration, bank account number, insurance details, and other confidential data. If you assume for what reason this service or the company, then yes, but if it all looks as inappropriate as possible – do not fall for it, it is SpamSpam!
• Be careful if the message creates the appearance of something urgent. Do not fall for such phrases: “Urgently,” “does not require a delay,” and others like that. The intruders are trying to put pressure on you in this way. They want these headlines to make you make your decisions quickly and rashly.
• Check whether the email uses your name. The company that will send you an email will probably know your details, at least your first and last name. Such phrases like “Dear Customer” or “Dear Reader” should make you doubt their legitimacy.
• Checks grammar and spelling. What does that mean? The strange wording in the article, miswritten words, and no system can give you the idea that there is something wrong.

Examples of Spam Emails

All spam emails have different types; you need to know and understand where you can meet them.

• Spoofed emails – in this case, the attacker attempts to deceive you by stealing confidential data and impersonating a different person.
• Ads are the most common form of SpamSpam. These are often scammers, although sometimes it can be an actual advertisement or product.
• Malware warnings – TI messages suggest you click on a predefined link to protect your PC from malware.
• Money scams – in this case, the pretenders, by deception, in the form of volunteers and good virtues, try to draw money from you.
• Over-the-top promises – this you often could see on the Internet. These are promises about quick winning, fast losing weight, big payouts, and other lies.
• Forced or accidental subscriptions – you probably bought something on the Internet and know that you offered to subscribe to the newsletter about new updates after the purchase. But some companies do this secretly; after the purchase, you automatically subscribe to a hundred emails from them.
• Chain letters – this is a made-up, where you press psychologically, frightening you that something will happen to you.

How to Stop Spam Emails

If your Inbox is already crowded, making it difficult to navigate and understand where messages come from and why, follow these steps to rid yourself of the massive number of spam emails:

1. Report the email as spam. Use your email provider’s option to mark emails as spam. This helps improve spam filters and keeps your inbox clean.
2. Block spam email addresses. Block addresses that frequently send you spam. This prevents further emails from those addresses from reaching your inbox.
3. Use an email alias. Create an alias for situations where you might not want to share your main email address. This helps protect your primary inbox from spam.
4. Change your email privacy settings. Adjust your email privacy settings to limit who can send you emails and prevent your address from being publicly accessible.
5. Unsubscribe from unwanted newsletters or mailing lists. Use the unsubscribe link typically found at the bottom of newsletters and marketing emails to stop receiving them.
6. Check if your email is on the dark web. Use services that can check if your email address has been compromised or is being circulated on the dark web.
7. Use SPF and DKIM email authentication. Ensure your email provider uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate emails and reduce spam.

Report the Email as Spam

Reporting spam emails helps improve the spam filters of your email provider and reduces the amount of spam you receive. Here’s a step-by-step guide on how to report an email address that is sending spam:

Block Spam Email Addresses

Blocking spam email addresses prevents further emails from those addresses from reaching your inbox. Here’s a step-by-step guide on how to block an email address:

Use an Email Alias

Using an email alias can help protect your primary email address from spam and keep your inbox organized. Here’s a step-by-step guide on how to create and use an email alias:

Check if Your Email is on the Dark Web

Checking if your email is on the dark web can help you take proactive measures to protect your information. Here’s a step-by-step guide on how to check if your email is compromised:

Use SPF and DKIM Email Authentication

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help protect your domain from email spoofing and ensure that your emails are delivered securely. Here’s a step-by-step guide on how to use SPF and DKIM:

Monitoring and Maintenance

1. Regularly Check Your DNS Records: Ensure your SPF and DKIM records are up-to-date and correctly configured.
2. Monitor Email Deliverability: Use email deliverability tools to monitor how well your emails are being delivered and check for any issues related to SPF or DKIM.
3. Update Records as Needed: If you change email providers or add new sending sources, update your SPF and DKIM records accordingly.

The post How to Stop and Block Spam Emails appeared first on Gridinsoft Blog.

What is a phishing scam? It is an attack carried out by an attacker on a user using a form of social engineering. It often occurs through emails, text messages, and calls with a specific structure and a fraudulent motive through which the fraudster attempts to influence the victim and get what he wants. The list of desires includes passwords, account data, and malware distribution.

Related Content: QR code phishing is a growing cybersecurity threat.

You will likely notice similar emails in your inbox if you are sensitive to your privacy. At the bottom, there is often a requirement to urgently click on a link or a confirmation to enter the system, which you did not open soon. So, what to do if you fall for a phishing scam?

Five signs of a phishing scam

Below we will submit the five most common signs of the phishing scam, after which you will be able to protect yourself from such deception. It is very important to be able to define it correctly, as threat actors apply very sly tactics. In the case of spear phishing, for example, they can counterfeit the email you are waiting for – and make you trust them.

1. Identity verification in your email

Everyone saw it at least one time in their life. Each user has an account – in a bank, online store, or social network, which is tied to an email. Based on this, scammers use this as bait to make a successful phishing attack on the user.

They disguise their messages as a company or bank that you know that says they need to urgently confirm your identity to do some background check or something. In this case, you need to be very attentive and understand whether you were waiting for some message from your company or bank which may relate to your account. If you doubt the legitimacy of such confirmation, better enter the account from your application or the official website, bank, or company and check the presence of any such issues.

2. Addresses or links to a website do not look authentic

Fraudsters carefully approach the issue of falsifying addresses under the actual addresses of some offices. At first glance, these addresses may seem quite similar to the ones banks or companies use to text you. But if you look closely, you can understand that something is wrong with the name. The addresses look similar but are never the same as the official sender has.

Information in letters can also be malicious. For example, this malicious stuff can be in the links inside the message body. Clicking on them will take you to a malicious site where you’ll likely see a phishing form, or a malicious offer. To avoid this, hover over them and check the link’s current address.

3. Poor spelling and illiteracy of the writing itself

Read the letter carefully before agreeing to anything you see or read. The presence of gross grammatical and spelling errors should give you an idea of the legitimacy of this letter. Major sites, stores, banks, and companies will protect their reputations and avoid minor missteps. It is their image in the customers’ eyes, so they are interested in taking care of their visuals.

Read carefully everything you see, and look at the structure, whether there is a greeting, the central part, and a logical ending. That way, you can determine if the letter is genuine.

4. Suspicious attachment

If you have received an email with an attachment you will be asked to go to, you should check it well. Scanning the attached file with the antivirus is a good idea. At least, you should be on the alarm when seeing the offer to enable macros in the document. Through such attachments, fraudsters often try to distribute malicious URLs that lead to the installation of Trojans and malware on your device.

5. The purpose of the phishing message is to make you panic.

Here we return to our main slogan of the article – “Your account is blocked”. Yes, this is also one of the features of phishing scams. Malefactors use such phrases to drive users into a panic. It is a psychological technique so that the user does not have time to think clearly. In a panic, you go to the link or enter the info to the attached form, and thereby compromise their data.

They can add a list of frightening phrases – “your computer is infected,” “we leaked your data”, and others like that. To verify that these threats are real, log in to your accounts through official sources, not through the ones you see in a letter. Since there could be real cases of such notifications, you should verify the authenticity of such threats.

The post “Your Account Has Been Locked”: Top 5 Signs of a Phishing Scam appeared first on Gridinsoft Blog.

Types of Spoofing Attacks

For attacks to be successful, hackers can spoof many things: an IP address, a web page, a phone number, a login form, a GPS location, an email address, a text message, and even a face. Some of these actions rely on human error, while others rely on the use of hardware or software flaws. Of all the scenarios that fit the form of a spoofing attack, the following are the most common these days.

1. ARP Spoofing

This is a reasonably common man-in-the-middle attack technique. The cybercriminal fills the local network with forged Address Resolution Protocol (ARP) packets, thus disrupting the normal traffic routing process. This intervention aims to map an adversary’s MAC address to the IP address of the target LAN’s default gateway. As a result, all traffic is redirected to the attacker’s computer before reaching its destination. In addition, the attacker can change the data before forwarding it to the actual recipient or interrupt all network communications. ARP spoofing can also serve as a launching pad for DDoS ² attacks.

2. MAC Spoofing

In theory, every network adapter inside a connected device should have its own unique Media Access Control (MAC) address that cannot be found anywhere else. In practice, however, a clever hacker can change this. Using the shortcomings of some hardware drivers, an attacker can modify or spoof the MAC address. Thus, he masquerades as the device registered in the target network to bypass traditional access limiting mechanisms. In this way, he can impersonate a trusted user and perpetrate fraud such as business email compromise (BEC), data theft, or placement of malware in a digital environment.

3. IP Spoofing

In this case, the attacker sends Internet Protocol packets with a falsified source address. In this way, he hides the real online identity of the sender of the packet and thus pretends to be another computer. Also, IP spoofing³ is often used to launch DDoS attacks. It is difficult for the digital infrastructure to filter such fraudulent packets, given that each one comes from a different address, which allows the scammers to simulate legitimate traffic convincingly. In addition, this method allows bypassing authentication systems that use a device’s IP address as an important identifier.

4. DNS Cache Poisoning (DNS Spoofing)

The Domain Name System (DNS) is a kind of telephone book for the Internet. It turns familiar domain names into IP addresses that browsers understand and use to load web pages. Attackers can distort this mapping technology using the known weaknesses of DNS server caching. As a result, the victim risks navigating to a malicious copy of the intended domain. This is a good basis for phishing attacks that look very plausible.

5. Email Spoofing

Basic email protocols are pretty vulnerable and can provide an attacker with some opportunities to distort specific attributes of a message. One common vector of this attack is to change the header of an email. As a result, the sender’s address (displayed in the “From” field) appears to be real when in fact, it is not. A hacker can take advantage of this mismatch and impersonate a trusted person, such as a senior executive, colleague, or contractor. Often the BEC mentioned above scams rely on this exploitation, resorting to the use of social engineering and manipulation so that the victim, without thinking, allows a fraudulent bank transfer to take place. The purpose of email spoofing is precisely to deceive the user, not to be declassified.

6. Website Spoofing

A scammer may try to trick a victim into going to an “exact copy” of the website they usually use. Unfortunately, hackers are getting better and better at mimicking the layout, branding, and login forms. And in combination with the DNS mentioned above spoofing technique, it will be tough to find the trick. Still, website spoofing is not a perfect scheme. For maximum effect, you should send a phishing email to the victim, which will prompt the recipient to click on the malicious link. Usually, criminals use such a scheme to steal authentication data or spread malware which then gives them a backdoor into the corporate network. Also, URL spoofing can lead to identity theft.

7. Caller ID Spoofing

This is a rather old scheme, but it is still sometimes used today. In this scheme, the attacker uses loopholes in the functioning of telecommunications equipment, thereby fabricating data about the caller, which the victim sees on his phone screen. In addition to pranks, the attacker can use such techniques to forge the caller ID by posing as someone the victim knows or as a representative of a company with which the victim cooperates. Sometimes to increase the chances that the victim will answer the call, the information displayed on the smartphone display will include a well-known brand logo and physical address. This type of spoofing attack aims to get the victim to reveal personal information or pay non-existent bills.

8. Text Message Spoofing

Unlike the previous method, this one is not always used for fraudulent purposes. Today, this method is used by companies to interact with their customers. It replaces the traditional phone number with an alphanumeric string (for example, the company name) and sends text messages. Unfortunately, scammers can also use this technology as a weapon. One variation on the text-message spoofing scam involves the scammer substituting the SMS sender’s identifier for a brand name the recipient trusts. This impersonation scheme can be the basis for targeted phishing, identity theft, and the increasing frequency of gift card scams targeting organizations.

9. File Extension Spoofing

Windows systems, by default, hide file extensions to streamline user experience. However, this feature also provides an opportunity for cybercriminals to distribute malware more easily. They often employ double extensions to mask a dangerous executable file as a harmless one. For instance, a file named Resume.docx.exe will misleadingly display as a standard Word document. Thankfully, most security programs actively detect such deceptions and alert users before they open these potentially harmful files.

10. GPS Spoofing

Today, users increasingly rely on geolocation services to avoid traffic jams or get to their destination. Unfortunately, cybercriminals may trick a target device’s GPS receiver into preventing it from working correctly. National states can use GPS spoofing to avoid gathering intelligence and sometimes even sabotage other countries’ military installations. But businesses can also use it to their advantage. For example, a competitor can interfere with the navigator in the car of a CEO who is rushing to an important meeting with a potential business partner. As a result, the victim will make a wrong turn, get stuck in traffic, and be late for the meeting. This could interfere with a future deal.

11. Facial Spoofing

Facial recognition is now the basis of numerous authentication systems and is rapidly expanding. In addition to unlocking gadgets, the face could become a critical authentication factor for future tasks such as signing documents or approving wire transfers. Cybercriminals are bound to look for and exploit weaknesses in the Face ID implementation chain. Unfortunately, it’s pretty easy to do so now. For example, security analysts have demonstrated a way to fool the Windows 10 Hello facial recognition feature with an altered, printed user photo. Fraudsters with enough resources and time can detect and exploit such imperfections.

How to Avoid Spoofing?

Here are the main signs that you are being spoofed. If you encounter any of these, click “Close”, click the “Back” button, and close the browser.

• There is no padlock symbol or green bar next to the address bar. All secure authoritative websites must have an SSL certificate. The third-party CA has verified that the web address belonging to the entity is verified. But it is worth noting that SSL certificates are now free and easy to obtain. So even though there may be a padlock on the site, it does not guarantee that it is the real deal. Just remember, nothing on the Internet is 100 percent safe.
• The site does not use file encryption. HTTP, aka Hypertext Transfer Protocol, is long obsolete. Legitimate websites always use HTTPS, an encrypted version of HTTP, when transmitting data back and forth. If you are on a login page and see “HTTP” instead of “HTTPS” in your browser’s address bar, think carefully before you type anything.
• Use a password manager. It will automatically fill in your login and password log to any legitimate website that you save in your password vault. But in case you go to a phishing site, your password manager will not recognize the site and will not fill in the username and password fields for you – a clear sign that you are being spoofed.

How to Minimize the Risks of Spoofing Attacks?

The following tips will help you to minimize the risk of becoming a victim of a spoofing attack:

• Turn on your spam filter. This will protect your mailbox from most fake newsletters.
• Do not click on links or open email attachments if they come from an unknown sender. If there is a chance that the email is legitimate, contact the sender through another channel to verify that it is legitimate.
• Log in via a separate tab or window. For example, if you receive an email or message with a link asking you to do something, such as log in to your account or verify your information, do not click the link provided. Instead, open another tab or window and go directly to the site. You can also sign in through the app on your phone or tablet.
• Call back. If you receive a suspicious email, presumably from someone you know, call or write to the sender to be sure they sent the email. This is especially true if the sender makes an unusual request: “Hi, this is your boss. Can you buy ten iTunes gift cards and email them to me? Thank you.”
• Show file extensions in Windows. You can change this by clicking the “View” tab in Explorer, then checking the box to show file extensions. This will in no way prevent crooks from spoofing file extensions, but you will be able to see the spoofed extensions and not open those malicious files.
• Use a good antivirus program. For example, suppose you click on a dangerous link or attachment. In that case, a good antivirus program can warn you about the threat, stop the download, and prevent malware from entering your system or network. The most important rule is to remain vigilant. Always watch where you’re going, what you’re clicking on, and what you’re typing.

The post 11 Types of Spoofing Attacks appeared first on Gridinsoft Blog.

Massive outbreak of extension spoofing in email spam

Email spam is a form of malware spreading that became very popular at the edge of the current decade. It was used earlier as well, but with a much smaller scale. This spreading way may fit different needs – from massive spamming without target selection to spear phishing against the corporation employees. In modern practices, email spam usually contains something that makes the victim believe in the legitimacy of this letter. Background similar to the one used by FedEx, some routine patterned words about the incoming delivery – and voila – user believes you. After gaining your trust, they will try to trick you into following the link, or opening the attached file – the latter usually contains malware. The former, however, may lead the victim to the phishing page, or to the exploit site, where crooks will try to install malware.

Hence, if attaching the malware was not something new – what is the reason to wonder about the new wave? Hundreds of them happen each day, so they do not look like something worth attention. The peculiar item about those attacks is that they apply the use of extension spoofing techniques in order to disguise the attached file. That approach was not seen for a long time – but it popped up, again.

What is extension spoofing?

Extension spoofing is a trick with file names that visually changes the file format. It is based on Windows default settings of file extension display. By default, you see only the filenames – without extensions. When you spectate the opened folder in a list view mode, you’d likely fail to see the file icons. Therefore, you can add the extension you want to the end of your file, but in fact leaving it unchanged.

For example, you can make the batch script file and name it as “tuxedo-cat.png.bat”. Users will see it as “tuxedo-cat.png”, but in fact it will be the batch file that will run as soon as you’d try to open it. Moreover, low-skill users may easily miss the second extension, thinking that the first one is original. That trick is very old, but still effective – especially with the latest visual updates in Windows.

Who is under attack?

Most of the spectated cases appear in Spanish-speaking countries. Users from Mexico, Chile, Ecuador and, exactly, Spain reported the appearance of routinely looking emails with attached files. The latter had the naming like “confiromidad entrega material ].xlsx.exe or “resumenes info socioeco.xlsx.exe”. As you can see, the extension spoofing there has its easiest form – the one you can uncover by just seeing the detailed information about the file. However, the victims were tricked by the file names – they were too similar to the documents you work with everyday.

In those files, the coin miner virus is hiding. When you are trying to open this file, thinking it is legit, you will see no effects. But in the background, malware starts its nasty job. Coin miners, as you can suppose by the name, exploit your hardware to mine cryptocurrencies. Contrary to legit miners that you can install these do not let you to set how much hardware power they can use. You will see your CPU and GPU overloaded, so the PC will be barely operable.

How to prevent extension spoofing and email spam?

There is not a lot you can do about the exact email spam. Mailing will be possible until you have an active email account. However, you can do a lot to make the spam much less relevant and thus less believable.

Extension spoofing is much easier to prevent. There are techniques which allow the crooks to mask the file in a more reliable way, but they are rarely used these days. Most cases can easily be mirrored with simple diligence.