Email Phishing - Email Spoofing - Spear Phishing

English

Email phishing is a method that hackers use to steal personal information, like credit card details or login credentials.

This is accomplished by sending an email to the "multiple" victims, but not before duplicating an existing login page from an online service like your bank, mail service provider or a PayPal account verification.

Unlike spear-phishing attacks, phishing attacks are not personalized to their victims.

Spear-phishing attackers target specific victims who put personal information on the internet, where they can view individual profiles while scanning a social networking site like Facebook.

From your profile, they will be able to find a the email address, friends list, geographic location and whatever else you have posted or liked.

They will make the phishing mail personal and although this is more difficult for the attacker to accomplish, with all of this information, the attacker would be able to act as a friend or a familiar entity.

To increase their success rates, these messages often contain urgent explanations on why they need sensitive information.

In both cases, the email usually contains a link to a fake website or the download of a file or archive.

Sometimes the domain name looks almost identical to the original.

The fake website will look identical to the original site, but instead it contains malicious code that sends all personal data you submit via a login form, payment credentials form or other, ( see code injection ) directly to the hacker.

Present link or links presented in the e-mail, hover the mouse above it to see where it lead, DO NOT CLICK !

Email phishing and spoofing of an email address.

How you can find out if the email is legit or not.

Check the email address, not just the display name and the most obvious things.

  • Sender Name ( Bank name etc. is it correct ). NOTE: Banks usually 'NEVER', send anything via email.
  • The subject, does it contain alarming or aggressive subject lines to try to convince you to follow the links inside.
  • Look for spelling and grammar mistakes.
  • Anything vague should make you suspicious.
  • Does it contain requests for personal information.
  • Look for contact information in professional emails, usually found in the footer.
  • Does it contain overly much professional jargon.

Look in the email header. Does it contain any unknown or very suspicious looking sender/reciever.

  • In Apple's Mail app, you can find header information by selecting the message you want to review, choosing "View" at the top of the app screen, then "Message," then "All Headers." You can also press Shift+Command+H.
     
  • In Outlook, select View/Options.
     
  • In Outlook Express, select Properties/Details.
     
  • In Hotmail go to Options/Mail Display Settings/Message Headers and select "Full."
     
  • In Yahoo! Mail select "Full Headers."Check the email address, not just the display name

The email addresses in the header should match the email address it's supposed to be coming from.

Now if the header looks authentic, the potential attacker probably belongs to a criminal group and they are using email spoofing.

Email spoofing.

The forgery of an email header to make it look like the message appears to have originated from someone or somewhere, other than the actual source.

It is a popular tactic used in phishing and spam campaigns, because people are more likely to open an email, when they think it has been sent by a legitimate or familiar source.

Email spoofing can be easily achieved with a working Simple Mail Transfer Protocol (SMTP) server and mailing software like Outlook or Gmail. Once an email message is composed, the scammer can forge fields found within the message header.

Like the FROM, REPLY-TO and RETURN-PATH addresses.

After the email is sent, it will appear in the recipient's mailbox appearing to have come from the address that was entered.

This is possible to achieve because the SMTP protocol does not provide a mechanism for addressing authentication.

Email code.

Look at the emails HTML code for the sending IP-address so you can trace it back to the real sender, by doing a reverse IP lookup. If the email originates from your GMail, Outtlok or other free email service (look inside you outbound email box ), then your account has been hacked.

Final word.

If all else fails, contact the sender directly, but first look at the bank or company website and confirm the phone numbers, address etc.

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.

 

Limited Time Offers

Coming soon...