Analyzing a Forged Email Message: How to Tell It Was Forged?
Monday, February 9th, 2015In our previous posting, we looked at exactly how Spammers and hackers can send forged email — how its is possible and how it is done. Therein, we gave an example how one could send an email forged to be from Bank of America.
In this post, we will look at that forged Bank of America email to see technically what it looks like and how it differs from legitimate email from Bank of America.
What can we learn that allows us to detect forged email in the future?
The Forgery: Received.
The forged email from Bank of America was based on a legitimate email message, so that the forgery could look as close as possible to actual email from them.
In truth, the majority of forged email simply changes the “From” address and does not bother with anything else. These forged messages are used for Spam and hope the forgery fools enough people to be worth it, through numbers. What we are looking at here is a more carefully crafted message designed to fool filters and a careful eye. These kinds of fakes might be used in spear phishing attacks on an individual or in more sophisticated Spam campaigns.
The the forged Bank of America email that arrived in the recipient’s mail box looked like this (the raw headers):
Read the rest of this post »