Email Spoofing/Email Security
- Thread starter cr85tx
- Start date
LordIntruder
Well-Known Member
- Reaction score
- 303
- Location
- Weilheim, Bavaria, Germany
The problem is: if someone sets up his own mta and then delivers mail with your mail address as the sender's address to anyone out in the world you can't do anything to prevent this.
nlinecomputers
Well-Known Member
- Reaction score
- 8,603
- Location
- Midland TX
You can enable SPF, DKIM, and DMARC but that is only as good the recipient's email server is at checking for it. If they don't bother to check they will get the fake mail. And if the spammer sets up his own SPF, etc it may still get in as it is coming from a "legitimate" email server just a crooked one.
Archon Prime
Well-Known Member
- Reaction score
- 1,232
- Location
- Canada
There is a very large amount within the last few months. I've been seeing an increase in SPAM/spoofing as well. not much you can do besides a good spam filter.
Markverhyden
Well-Known Member
- Reaction score
- 11,213
- Location
- Raleigh, NC
In my case I'm not seeing anything huge changes. They just seem to come and go in waves. But I do agree. Some of them are getting pretty good. Seen several that had the last four of my Amex CC number correct.
nlinecomputers
Well-Known Member
- Reaction score
- 8,603
- Location
- Midland TX
That is a first for me. I've not seen CC numbers, even partials. Any clue on who got hacked and gave up that info? Experian?
Archon Prime
Well-Known Member
- Reaction score
- 1,232
- Location
- Canada
https://haveibeenpwned.com/ is great to see if any of your emails/passwords have been compromised. the CC thing would worry the hell out of me though.
Markverhyden
Well-Known Member
- Reaction score
- 11,213
- Location
- Raleigh, NC
Not sure. I use the Amex extensively but make very few purchases online. Only two or three phishing emails had the current one. I've had plenty of others with the last 4 of a CC, Visa or MC, but they were not even close.
nlinecomputers
Well-Known Member
- Reaction score
- 8,603
- Location
- Midland TX
What bothers me most is that OUR business reputation can be brought down very fast. Some clients do not understand that there is nothing we can do about it and blame us. The fact that they are ignorant about the issue doesn't stop them from bad mouthing you or firing you. I feel sorry for the company but they could be hurt just as bad by someone snail mailing fake invoices but we don't get the blame for that.
G8racingfool
Well-Known Member
- Reaction score
- 428
- Location
- Oakland NE (No not CA)
Which is where client education and setting expectations comes into play. If you're an MSP and you offer training as part of your services get a training put together on this. If you're break/fix then ask your clients if they'd be interested in bringing you over for a training/discussion/roundtable/etc and charge accordingly for it. Get ahead of this and suddenly it turns from a reputation damaging "you don't know what you're doing" situation to a reputation building "hey, you told us to watch out for this and sure enough.." win.
Bad things happen in the IT world. Some of them can't be completely defended against. But if you talk to your clients and let them know before the bad thing happens they'll respect you more when it does happen because you've proven your expertise.
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,888
- Location
- Englewood Florida
Clients love the training classes I give 'em, I just picked up a little portable projector for my laptop, or..many clients have a big TV on the wall in their conference room now, I just uplink my laptop to that. And...give examples from my folder of phish..and tell them examples of some of the scams (like the Realtor one).
Great "value add" for MSP services, and it often leads to some upsells for more security!
Great "value add" for MSP services, and it often leads to some upsells for more security!
nlinecomputers
Well-Known Member
- Reaction score
- 8,603
- Location
- Midland TX
Of course,. But the problem I am having is explaining this particular problem. I'm finding that they have a real hard time comprehending this problem. Like I said I had to print up a fake invoice on paper too get one client to understand it. And even then I'm not sure they fully got it.
G8racingfool
Well-Known Member
- Reaction score
- 428
- Location
- Oakland NE (No not CA)
Think of it this way: The "from" field of an email is just like the return address label of a piece of physical mail. I can put anything I want as the return address when I send you a letter, the post office isn't going to care. They only care about who the letter is going to. The exact same concept applies to email. Anyone can put anything they want as the "return address" (ie: sent from field) of an email and it will still go through because the only thing the "e-mailman" is worried about is who the email is going to.
(Obviously this is an extremely simplified example but honestly that's all most people need to understand where you're coming from in this case.)
Some customers are simply doomed to never understand what you tell them even if you try until blue in the face.
There are some good phishing simulators out there you can use for training which allow you to setup campaigns and send out benign phishing emails. It will report which users opened and viewed the email and which ones clicked the link or inputted information.
Great tool to show management and to highlight users who need further training
Sent from my SM-G870W using Tapatalk
There are some good phishing simulators out there you can use for training which allow you to setup campaigns and send out benign phishing emails. It will report which users opened and viewed the email and which ones clicked the link or inputted information.
Great tool to show management and to highlight users who need further training
Sent from my SM-G870W using Tapatalk
Markverhyden
Well-Known Member
- Reaction score
- 11,213
- Location
- Raleigh, NC
I've started seeing something like the below from customers are larger organizations with higher security requirements. Might be something to think about. After all security is a layered thing.
rustynails87
Member
- Reaction score
- 10
- Location
- Cape Cod
We have seen a definite increase in email spoofing and phishing in the last few months. Almost daily one of our clients is emailing or calling in about this. 90% of our clients are on Proofpoint filtering and either have Office 365 or on site exchange.
Here is an interesting one that we received. It came in as their own name and email address i have changed everything to domain.com for obvious reasons and the password they mentioned was indeed one of the passwords she used in the past:
Dear user of domain.com!
I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account owner@domain.com: Jk23449$ (on moment of hack).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $853 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!
Here is an interesting one that we received. It came in as their own name and email address i have changed everything to domain.com for obvious reasons and the password they mentioned was indeed one of the passwords she used in the past:
Dear user of domain.com!
I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.
I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account owner@domain.com: Jk23449$ (on moment of hack).
The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ...
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $853 to my Bitcoin cryptocurrency wallet: 1GXazHVQUdJEtpe62UFozFibPa8ToDoUn3
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.
I advise you to remain prudent and not engage in nonsense (all files on my server).
Good luck!
Last edited:
Porthos
Well-Known Member
- Reaction score
- 14,286
- Location
- San Antonio Tx
I bet if you check the email address at https://haveibeenpwned.com/ you will find it has been breached and sold to everyone and their grandmother.
MichaelBits
Well-Known Member
- Reaction score
- 861
- Location
- Iowa USA
Off topic, but your post reminded me of it...
Not advocating this in any way, but... if you reverse the return address with the mailing address, and forget the postage, it will get to where you want it to go.
Similar threads
