We live in an increasingly technology-augmented world, where online scams are more common than cute cat videos on Facebook walls, and that leaves us no choice but to pay attention to the clever ways the bad guys find to separate us from our hard-earned money.
Although most security vendors are introducing next-gen antivirus products with claims of unmatched AI- and neural-network-based protection, those products still cannot protect us from our very human habit of trusting a convincing, legitimate-looking source of information.
This post is the beginning of a series in which we will try to explain, in simple terms, cyber security as we see it today.
How to avoid Spoofing email scams
We can easily recognize spam when we see it in our mailbox, but seeing an odd email from a colleague, or even worse, from ourselves, in our inbox is pretty disconcerting. If you've seen an email that looks like it's from a friend, it doesn't necessarily mean their account has been compromised. Spammers spoof those addresses all the time, and it's not hard to do. Here's how they do it, and how you can be mindful and protect your mail and identity.
Data thieves choose their targets carefully, and phish them with messages that look like they came from friends, trustworthy sources, or even their own account.
As it turns out, spoofing real e-mail addresses is easy, and that is partly why phishing is such a widespread problem. We conducted a real-life experiment, sending spoofed messages to colleagues, with surprising results.
These days the major e-mail providers, such as Microsoft and Google, keep bulk spam largely under control with sophisticated filtering algorithms and tools.
In the early days of e-mail's adoption, spam was a real problem, so the industry had to implement measures to counter it. That is how SPF (originally "Sender Permitted From", now "Sender Policy Framework") came into play. A domain publishes a DNS TXT record listing the IP addresses of the mail servers allowed to send on its behalf, and the receiving server matches the IP address of the connecting mail server against that list. For example, if the domain caltechadvantage.com published a record authorising the mail server at 10.134.203.90, the receiving server would check whether the message actually arrived from that address and, if not, could flag it as spam. One detail matters a great deal for spoofing: SPF is evaluated against the envelope sender (the SMTP MAIL FROM address, which the receiver stores in the Return-Path header), not against the From address the user sees in their mail client. The method is also far from perfect in practice: it requires constant administration, since every new mail service a company uses has to be added to the record. Facing the risk of losing valuable e-mail, most corporations implemented a "soft" SPF policy (a record ending in ~all, the "softfail" qualifier, rather than -all), which tells receivers to accept a message from an unlisted server anyway and at most mark it. As a result, e-mail became easier for corporations to manage, but phishing stayed easy.
Later another method, or rather another DNS record type, was introduced: Domain-based Message Authentication, Reporting, and Conformance, or DMARC. It builds on SPF (and on DKIM signatures) and adds the check that was missing: the domain in the visible From header must align with the domain that passed SPF or DKIM. A handful of policy tags let the domain owner state what receivers should do with a message that fails (p=none, p=quarantine or p=reject) and where to send aggregate reports. DMARC was, and still is, the "real deal". The only problem? Not all domains publish it, and not all mail providers enforce it.
How spoofing works
All a bad guy needs to pull off a spoof is an e-mail server, and that does not even mean a physical server: a piece of mail server software, or any mailing tool that lets them set the headers themselves, will do. They simply compose a message, fill in whatever "From" and "To" addresses they like, and click send. SMTP itself never verifies that the From header matches the account that is sending. On the recipient's end, the message lands in the inbox looking like it came from the address the attacker typed in. Because SPF checks the envelope sender rather than the From header, the attacker can even use their own domain, with a perfectly valid SPF record, as the envelope sender and still show the victim's address in the From line. Some receiving servers would catch the mismatch and block the message, but far from all. Since SPF never really caught on in the way it was intended, it is not a reliable protection method on its own.
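To make the two paragraphs above concrete, here is a small SPF evaluator written for this post (it is an added example, not code from the original article or from any mail software). The SPF records, domains and IP addresses in it are constructed for illustration, and it only handles the ip4/ip6 mechanisms and the catch-all "all"; anything that would need live DNS is reported as an error rather than guessed. It shows the three outcomes that matter: a strict record (-all) hard-fails a forged envelope sender, a "soft" record (~all) only softfails it, and an attacker who puts their own domain in MAIL FROM passes SPF cleanly while the From header still says the victim's address.

```python
import ipaddress

# Constructed records for illustration; the domains and addresses are
# assumptions for this example, not anyone's real published SPF.
SPF_RECORDS = {
    # strict policy: anything not listed fails
    "caltechadvantage.com": "v=spf1 ip4:10.134.203.90 -all",
    # the "soft" approach: anything not listed only softfails
    "soft-policy.test": "v=spf1 ip4:10.134.203.0/24 ~all",
    # the attacker's own domain, with a perfectly valid record for their server
    "attacker.test": "v=spf1 ip4:203.0.113.7 -all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Evaluate a minimal SPF record (RFC 7208) against the connecting IP.

    Supports the ip4/ip6 mechanisms and the catch-all "all" with its
    qualifier. Mechanisms that need live DNS (include, a, mx, exists,
    redirect) are reported as temperror rather than guessed.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            # a v4 address is never inside a v6 network and vice versa
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIER_RESULT[qualifier]
        elif mech == "all":
            return QUALIFIER_RESULT[qualifier]
        else:
            return "temperror"
    # record ran out without a match and without an "all" term
    return "neutral"


def spf_for_message(mail_from, sender_ip, records=SPF_RECORDS):
    """SPF is evaluated on the envelope sender (SMTP MAIL FROM, stored by the
    receiver as Return-Path), not on the From: header the user sees."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None:
        return "none"
    return check_spf(record, sender_ip)


def receiver_accepts(result, soft_is_ok=True):
    """Typical receiver behaviour: only a hard fail is rejected outright;
    softfail and neutral are delivered (possibly marked), which is exactly
    the gap the "soft" approach opens."""
    if result == "fail":
        return False
    if result == "softfail":
        return soft_is_ok
    return True


if __name__ == "__main__":
    # The spoof described above: From: ceo@caltechadvantage.com in the header,
    # but the attacker's own domain in MAIL FROM, sent from the attacker's IP.
    spoof = spf_for_message("bounce@attacker.test", "203.0.113.7")
    print("attacker's own MAIL FROM:", spoof, "-> accepted:", receiver_accepts(spoof))
    # The naive spoof, lying in MAIL FROM as well, against a strict record:
    naive = spf_for_message("ceo@caltechadvantage.com", "203.0.113.7")
    print("naive spoof vs -all:", naive, "-> accepted:", receiver_accepts(naive))
    # The same naive spoof against a "soft" record:
    soft = spf_for_message("ceo@soft-policy.test", "203.0.113.7")
    print("naive spoof vs ~all:", soft, "-> accepted:", receiver_accepts(soft))
```

The point to take away is the first case: SPF did its job, the attacker's server really is authorised for attacker.test, and nothing in SPF alone ties that result to the caltechadvantage.com address in the From line. That tie is what DMARC adds.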
How to protect yourself if in doubt
The only way to tell that an email isn't from the person it appears to be from is to dig into the headers and know what you're looking for. That's a tall order even for the tech-savvy among us; who has time for that in the middle of a busy workday? Even a quick reply to the spoofed email would just generate confusion, because the reply goes to the real person's address, or to whatever Reply-To address the attacker set. It's a perfect way to cause a little chaos, or to target individuals and get them to compromise their own PCs or give up login credentials. But if you see something even a little suspicious, you at least have one more tool in your arsenal.
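What "digging into the headers" looks like in practice, as an added example written for this post (not code from the original article or from any mail provider): two constructed raw messages, one spoofed in the way described above and one legitimate, run through a small checker that pulls out the connecting IP from the topmost Received header, compares the visible From domain with Return-Path and Reply-To, and reads the SPF/DKIM/DMARC verdicts the receiving server recorded in Authentication-Results. All hostnames, addresses, IPs and message IDs are made up for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed message for illustration: the headers our own MX would see for
# the spoof described above. Domains, IPs and IDs are made up.
SPOOFED = b"""Return-Path: <bounce@attacker.test>
Received: from mail.attacker.test (mail.attacker.test [203.0.113.7])
\tby mx.caltechadvantage.com with ESMTP id 4Kx9Tq2Lz
\tfor <employee@caltechadvantage.com>; Mon, 8 Jan 2018 09:00:00 +0000
Received: from [10.0.0.5] (unknown [10.0.0.5])
\tby mail.attacker.test with ESMTPA id 7f3a; Mon, 8 Jan 2018 08:59:58 +0000
Authentication-Results: mx.caltechadvantage.com;
\tspf=pass smtp.mailfrom=attacker.test;
\tdkim=none;
\tdmarc=fail header.from=caltechadvantage.com
From: "The Boss" <ceo@caltechadvantage.com>
Reply-To: <ceo.mobile@attacker.test>
To: employee@caltechadvantage.com
Subject: Urgent wire transfer
Message-ID: <20180108090000.1@attacker.test>

Please process the attached invoice today, I am in a meeting.
"""

# A constructed legitimate message from the same domain, for comparison.
LEGIT = b"""Return-Path: <ceo@caltechadvantage.com>
Received: from mail.caltechadvantage.com (mail.caltechadvantage.com [10.134.203.90])
\tby mx.caltechadvantage.com with ESMTP id 9Qa2Bc; Mon, 8 Jan 2018 10:00:00 +0000
Authentication-Results: mx.caltechadvantage.com;
\tspf=pass smtp.mailfrom=caltechadvantage.com;
\tdkim=pass header.d=caltechadvantage.com;
\tdmarc=pass header.from=caltechadvantage.com
From: "The Boss" <ceo@caltechadvantage.com>
To: employee@caltechadvantage.com
Subject: Lunch on Friday
Message-ID: <20180108100000.2@caltechadvantage.com>

Are you free on Friday?
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(addr):
    """Domain part of a mailbox, from any header that carries one address."""
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()


def connecting_ip(msg):
    """IP of the host that handed the message to our own server.

    Received: headers are prepended, so the topmost one was written by our MX
    and is the only one we can trust; every line below it arrived with the
    message and could have been forged by the sender.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = IPV4.search(str(received[0]))
    return match.group(1) if match else None


def auth_results(msg):
    """spf/dkim/dmarc verdicts that our provider recorded on arrival."""
    header = str(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", header))


def analyze(raw):
    """Flag the things a spoofed message typically gets wrong."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    findings = []

    return_path = msg.get("Return-Path")
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f"Return-Path domain {domain_of(return_path)} differs from From domain {from_domain}")

    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To points at {domain_of(reply_to)}, not {from_domain}")

    verdicts = auth_results(msg)
    for check in ("spf", "dkim", "dmarc"):
        if verdicts.get(check) in ("fail", "softfail"):
            findings.append(f"{check}={verdicts[check]}")

    return {
        "from_domain": from_domain,
        "connecting_ip": connecting_ip(msg),
        "auth": verdicts,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        report = analyze(raw)
        print(name, report["connecting_ip"], report["auth"])
        for finding in report["findings"]:
            print("  !", finding)
```

Note that in the spoofed message SPF says "pass": the attacker's envelope domain really is authorised. The give-aways are the Return-Path and Reply-To pointing at a different domain than the From line, the dmarc=fail verdict, and a connecting IP you have never seen on mail from that colleague before.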
So, if you're looking to protect your inboxes from messages like this, there are a couple of things you can do:
Use your spam filters, and use tools like Priority Inbox.
Setting your spam filters a little stronger may, depending on your mail provider, make the difference between a message that fails its SPF check landing in spam versus your inbox. Similarly, if you can use services like Gmail's Priority Inbox, Outlook's Focused Inbox or Apple's VIP, you essentially let the mail server figure out the important people for you. Be aware, though, that if an important person is spoofed, the spoofed message will still get through on that basis.
Learn to read message headers and trace IP addresses. That is a good skill to have. When a suspicious email comes in, you'll be able to open the headers, look at the IP address of the server that delivered it to your provider (the topmost Received header, the one your own mail server wrote; the ones below it were written by the sender and can be forged), and see whether it matches previous emails from the same person. Compare the From address with the Return-Path and Reply-To headers as well, and look for an Authentication-Results header, where your provider records the SPF, DKIM and DMARC outcomes. You can even do a reverse lookup on the sender's IP to see where it came from.
Never click unfamiliar links or download unfamiliar attachments. This may seem like a no-brainer, but all it takes is one employee in a company seeing a message that appears to come from their boss or a colleague, opening an attachment or clicking a funny Google Docs link, to expose the entire corporate network. Many of us think we're above being tricked that way, but it happens all the time.
If you own your own domain, publish a DMARC record for it. You have control over how aggressive you want to be: start with p=none to collect reports on who is sending mail in your name, move to p=quarantine, and switch to p=reject once you know all your legitimate mail passes. Read up on how DMARC records work and add yours as a TXT record at _dmarc.yourdomain in your DNS, usually through your domain registrar or DNS host. If you're not sure how, they should be able to help. If you're getting spoofed messages on a company account, let your corporate IT know.
And naturally, the weakest link in any security system is the end user. That means you'll need to keep your scam sensors switched on every time you get an email you weren't expecting. Educate yourself. Keep your anti-malware software up to date. Unleash your inner detective!
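As an added example for the DMARC advice above (written for this post, not code from the original article or from any DNS or mail software), the following parses the TXT record a domain owner publishes and works out what a receiver would do with the spoof described earlier under each policy level. The three records and the reporting address are constructed for illustration, and the alignment check simplifies the real rule: actual implementations compare organizational domains using the Public Suffix List, while this version treats any parent/child domain relationship as aligned under relaxed mode and ignores the pct= sampling tag.

```python
# Constructed records for the domain used in this post; the reporting
# address is an assumption for the example.
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@caltechadvantage.com"
DMARC_QUARANTINE = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@caltechadvantage.com"
DMARC_ENFORCE = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@caltechadvantage.com"

# Defaults from RFC 7489 for tags a record may leave out.
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}


def parse_dmarc(txt):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    tags = dict(DEFAULTS)
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"not a valid DMARC record: {txt!r}")
    # sp (subdomain policy) defaults to p when absent
    tags.setdefault("sp", tags["p"])
    return tags


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: does the domain that passed SPF or DKIM match the
    visible From domain? Strict ("s") wants an exact match; relaxed ("r")
    also accepts a parent/child relationship (simplified here: real
    implementations compare organizational domains via the Public Suffix List)."""
    if not auth_domain:
        return False
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if auth_domain == from_domain:
        return True
    if mode == "s":
        return False
    return auth_domain.endswith("." + from_domain) or from_domain.endswith("." + auth_domain)


def dmarc_disposition(record_txt, from_domain, spf_domain=None, dkim_domain=None):
    """What a receiver does with a message, given the domain's DMARC record.

    spf_domain / dkim_domain are the domains that *passed* SPF / DKIM
    (None when nothing passed). Returns "pass" when either aligns with the
    From domain, otherwise the record's p= action: "none" (deliver, but
    report), "quarantine" (spam folder) or "reject" (bounce). The pct=
    sampling tag is ignored here.
    """
    tags = parse_dmarc(record_txt)
    if aligned(spf_domain, from_domain, tags["aspf"]) or aligned(dkim_domain, from_domain, tags["adkim"]):
        return "pass"
    return tags["p"]


if __name__ == "__main__":
    # The spoof from this post: From: says caltechadvantage.com, but the only
    # thing that passed was SPF for the attacker's own envelope domain.
    for name, record in (("monitor", DMARC_MONITOR), ("quarantine", DMARC_QUARANTINE), ("enforce", DMARC_ENFORCE)):
        print(name, "->", dmarc_disposition(record, "caltechadvantage.com", spf_domain="attacker.test"))
    # Legitimate mail relayed by a subdomain host passes under relaxed
    # alignment but not under the strict record, which is the kind of surprise
    # that monitoring mode (p=none) is there to catch before you enforce.
    print("subdomain, relaxed:", dmarc_disposition(DMARC_MONITOR, "caltechadvantage.com", spf_domain="mail.caltechadvantage.com"))
    print("subdomain, strict :", dmarc_disposition(DMARC_ENFORCE, "caltechadvantage.com", spf_domain="mail.caltechadvantage.com"))
```

The last two lines are why the advice is to start at p=none: a strict record rejects your own mail the moment it is relayed through a host whose name does not match the From domain exactly, and the aggregate reports sent to the rua= address are how you find such senders before you turn enforcement on.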