As we go into the long Memorial Day weekend, many users will be checking their phones for new emails, or taking advantage of holiday shopping deals and making online purchases. Cybercriminals are aware of this and will use tactics to try and get you to open a malicious email. While you may think you are receiving an email from a known contact or trusted organization, this email could be from a cybercriminal.
Spoofing is a tactic often employed by threat actors in these malicious email attempts; however, understanding how to identify spoofing techniques can prevent victimization.
What is Email Spoofing?
Email spoofing occurs when someone pretends to be a trusted source by manipulating the email sender’s information. They can change the sender display name and/or email address to that of a trusted entity. Cybercriminals depend on the trust between you and this source to convince you to take action on the email, such as clicking a link, opening an attachment, or divulging sensitive information. Two methods of spoofing used by threat actors are display name spoofing and email address spoofing.
Display Name Spoofing and Email Address Spoofing: What’s the Difference?
While both these attacks fall under spoofing, there are key differences that set them apart.
- Display name spoofing is when a threat actor changes the display name visible in the sender line of an email to that of a known source. Threat actors rely on this tactic as it is trivial to execute and recipients often only take the time to verify the display name – not the actual email address.
- Email address spoofing is when the threat actor changes the sender’s email address displayed to the user. This is often done along with display name spoofing, making the sender information visible to the recipient appear legitimate. While email address spoofing is more involved than display name spoofing, neither is difficult to execute. Both techniques can be conducted with ease and significantly increase the likelihood that the threat actor will succeed in using this email attack vector.
How can you identify email spoofing?
Check the Sender
Display name spoofing is relatively easy to identify. If you are on your phone’s email app, you may have to expand the email’s “To” information in order to see the full email address of the sender. In simple display name spoofing attempts, the display name will appear legitimate, but the associated email address will not correlate with whom the sender claims to be.
Cybercriminals may also use email domain names that resemble legitimate domain names in order to trick the email recipient. For example, a threat actor could use the email address [email protected][.]com and claim the email is from Google; however, what looks like the lowercase “L” in Google was replaced with an uppercase “I,” only giving the appearance of legitimacy. Another common tactic is to add or remove a letter from the domain, such as sending an email from [email protected][.]com instead of [email protected][.]com – notice the added ’s’ to the domain name.
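The sender checks described above can be automated for a mailbox or a mail filter. The following is an added example, not part of the original article: the brand list, the character map, and the sample headers are constructed assumptions, and the finding names are hypothetical labels.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> the domain that brand really sends from.
TRUSTED = {"google": "google.com", "example bank": "examplebank.com"}
# Characters that render like another letter in many fonts (partial list).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def edit_distance(a, b):
    """Levenshtein distance, used to catch one added or removed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (finding, impersonated_domain) tuples for one From header."""
    name, addr = parseaddr(from_header)
    raw = addr.rpartition("@")[2]      # keep case: 'I' vs 'l' matters visually
    domain = raw.lower()
    findings = []
    for brand, real in TRUSTED.items():
        if domain == real or domain.endswith("." + real):
            continue                   # genuinely sent from this brand's domain
        if brand in name.lower():      # display name claims a brand it is not from
            findings.append(("display_name_mismatch", real))
        if raw.translate(CONFUSABLE).lower() == real:
            findings.append(("homoglyph_domain", real))
        elif edit_distance(domain, real) == 1:
            findings.append(("one_letter_variation", real))
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Google Support" <help@googIe.com>',                # uppercase I for l
    '"Example Bank Alerts" <alerts@examplebanks.com>',   # added "s"
    '"Google" <no-reply@accounts.google.com>',           # legitimate subdomain
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

This only inspects the visible From header, so a message that forges a trusted domain exactly produces no findings here; that case is caught by the receiving server's SPF, DKIM and DMARC results rather than by comparing names.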
Question the Contents
While humans are often the weakest link, they can also be an incredible asset in cyber defense and resiliency. Think critically when you sort through your emails and ask yourself if you are expecting the email. If any red flags pop up, inspect all emails with scrutiny.
Urgency is a common tactic used in malicious emails; if the language used intends to push the recipient to act quickly, take a moment to ask yourself if the message makes sense. Oftentimes, we get used to the cycle of receiving and responding to emails and let our guard down.
While it may be tedious to double-check emails for legitimacy, a malware infection or credential compromise resulting from a successful phishing attack using display name or email address spoofing could have lasting implications and devastating impacts.
In summary, maintaining awareness of the tactics used by cybercriminals in their exploitation efforts can help to reduce victimization and keep accounts and networks better secured.
Please contact powersolution if you would like to discuss spoofing — or if you have any other IT security questions or concerns. Please call (201) 493-1414 x 321.