" forged email Archives - Page 2 of 2 - LuxSci

Posts Tagged ‘forged email’

Analyzing a Forged Email Message: How to Tell It Was Forged?

Monday, February 9th, 2015

In our previous post, we looked at exactly how spammers and hackers can send forged email: how it is possible and how it is done. There, we gave an example of how one could send an email forged to appear to be from Bank of America.

In this post, we will look at that forged Bank of America email to see technically what it looks like and how it differs from legitimate email from Bank of America.

What can we learn that allows us to detect forged email in the future?

The Forgery: Received.

The forged email from Bank of America was based on a legitimate email message, so that the forgery could look as close as possible to actual email from them.

In truth, the majority of forged email simply changes the “From” address and does not bother with anything else. These forged messages are used for spam and rely on sheer numbers: the hope is that the forgery fools enough people to be worth it. What we are looking at here is a more carefully crafted message designed to fool both filters and a careful eye. These kinds of fakes might be used in spear phishing attacks on an individual or in more sophisticated spam campaigns.

The forged Bank of America email that arrived in the recipient’s mailbox looked like this (the raw headers):

Read the rest of this post »

How can Spammers and Hackers Send Forged Email?

Thursday, February 5th, 2015

Everyone has seen spam messages arrive with a “From” address that is your own address, a colleague’s, a friend’s, or that of some company that you work with or use. These From addresses are forged to help the messages (a) get by your spam filters, and (b) get by your “eyeball filters”.

But how are these folks “allowed” to do that?

When email was first developed, there was no concept of the need for security; protections against identity theft and forgery were not part of the plan.  As a result, it is actually trivial for one to send an email with a forged “From” address and even some forged “Received” tracking lines by just connecting to your target’s email server and telling it whatever you want.

Let’s try to send an email to the address “testuser@luxsci.net” pretending to be from “Bank of America”. The purpose of this exercise is not so much to teach you how to send forged email (this is not a new technique) as to set the stage for understanding how to detect and combat these kinds of messages.

Read the rest of this post »