Saturday, 14 January 2012

Email spoofing Hacking class 21


What is email spoofing? How does email spoofing work? What are the different ways to send spoofed emails? Can we detect spoofed emails or not? In my later hacking class tutorials I will explain how to send spoofed emails using email spoofing tools or simply by web applications. So let's start from the very basics.
What is Email Spoofing?
Email spoofing refers to the process of sending an email message from one source, but making it appear as though the email was sent from a different source. For example, an email originates from user@domain.com but it appears to be from email@address.com. Another method of spoofing is to make the message appear to come from an unknown user within your domain name. For example, the message appears to be from support@yourdomain.com.
This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address.
This is usually done for malicious reasons, either to distribute unsolicited email or to distribute email viruses. Unfortunately, there is no real way to prevent spoofing from occurring. If you receive an email that has questionable content, it is recommended to delete the email message or use an antivirus program to scan the message before opening it.
I recommend that users read the following article to learn how email works:

How Does Email Spoofing Work?
Basically, email spoofing alters the email header to make it appear as though it originated from a different source address. This is possible because the Simple Mail Transfer Protocol (SMTP) does not support any type of sender authentication. Originally, email spoofing was used for legitimate reasons, when someone wanted to send mail appearing to be from their own email address while logged on to a network that was not their own. Nowadays, it is commonly used for sending spam or malicious mail, that is, for sending viruses or phishing page links, or simply for spreading botnets. The email fields can be edited in many email clients and in the automated spam and hacker tool kits that are currently available in the market, or you can also edit them manually if you know a little bit of programming and hacking.
  

Why do People Spoof Email?
Email is primarily spoofed for one of two basic reasons: 
1 – Spam, that is, email marketing or spreading a message to several users.
2 – To conduct a phishing or spear phishing attack.

If you want to learn more about phishing, then I recommend that you read this article:

Spammers will spoof the “From” field many times in order to hide their identity from the email recipients. The message body will have advertisements, or links to offers the spammers are trying to sell to the recipients. They change the “From” field in the email in order to make it harder to determine their identity and to avoid complaints from the end user.

Those who spoof email with malicious intent are simply called crackers, and they typically do so as part of a phishing attack, that is, to send phishing page links. They will spoof the email to be from someone else on the same domain as the receiver. In a spear phishing attack, the email may be changed to be from a legitimate friend or co-worker of the person receiving the email. This results in a greater possibility of the targeted person opening the email and falling victim to a malware or spyware attack.


What are the Techniques to Spoof Email?
Although it is straightforward to change the “From” field in an email header, the email can still be traced to the sender. But most of the major ISPs maintain “black lists” to ban known senders of spam from sending email traffic to users on their network(s). As a result, spammers have now evolved to using specialized software to create a random sending email address. These email addresses will rarely be active or used a second time.

Another technique used by those conducting spear phishing attacks is to hack the account password(s) of one or more people in the organization, or of some ordinary victim. Once the account is hacked, the emails in the address book are used to conduct additional attacks by placing them in the “From” field of the email, making the messages appear legitimate. This same technique is also used by email worms (botnets) to self-propagate through unsuspecting users opening infected email sent by the respective worm.


Can Spoofed Emails be Detected?
Now a major question arises: can we trace such activities, that is, email spoofing? The answer is simply no if the user is smart enough, that is, he has used a proxy server while sending the spoofed email, and the answer is yes if a novice hacker has sent it without spoofing his IP address.
I would recommend that you read this article to hide your IP and remain anonymous while sending emails and performing such hacking activities:

Many people mistakenly believe that sending spoofed email The IP address used to send an email is logged and is traceable. This address can then be cross-referenced with the ISP's DHCP records to determine who sent the email. If you are simply trying to trick your sibling or friends, it will appear to be from the “faked” email address. This is why spammers and hackers will not send spoofed email from their own IP address(es), instead routing the spam through other destinations before sending it to the desired recipients.
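To make the header alteration and the logged IP address concrete from the recipient's side, here is an added example (not part of the original post) that parses a message's headers, compares the visible “From” domain with the Return-Path domain, and lists the IP addresses recorded in the Received headers. The sample message, its hostnames and its addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); IPs are documentation ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.yourdomain.example (mx.yourdomain.example [198.51.100.7])
\tby inbox.yourdomain.example with ESMTP; Sat, 14 Jan 2012 10:00:05 +0000
Received: from unknown-host (unknown [203.0.113.45])
\tby mx.yourdomain.example with SMTP; Sat, 14 Jan 2012 10:00:02 +0000
From: "Support" <support@yourdomain.example>
To: user@yourdomain.example
Subject: Account notice

Please review the attached notice.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def received_ips(msg):
    """IPs recorded by each relay, oldest hop first.
    Relays prepend Received headers, so the last one in the file is the oldest."""
    ips = []
    for hop in reversed(msg.get_all("Received") or []):
        match = IP_RE.search(hop)
        if match:
            ips.append(match.group(1))
    return ips

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    ips = received_ips(msg)
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        # A missing Return-Path also counts as a mismatch here.
        "mismatch": bool(from_dom) and from_dom != env_dom,
        "first_hop_ip": ips[0] if ips else None,
        "hops": ips,
    }
```

Only the Received header added by your own mail server is reliable; anything below it is supplied by the sender's side, and the first-hop address may belong to a proxy or relay rather than the sender's own machine.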

If you want to learn more about how to trace the email address that has sent you an email, and from which IP address, then read the following article:
