More information:

info@fextor.net

This type of attack is possible thanks to the fact that Simple Mail Transfer Protocol (SMTP), the main protocol for sending e-mails, does not provide any authentication mechanism for the source address; therefore, a person with certain technical knowledge could modify the headers of an email. The attackers usually look for, preferably, badly configured mail servers that have the SMTP port open or even, they can set up their own servers to send emails with a fake domain, very similar to the original, for example “@ exarmple.com” instead from “@ example.com”. Depending on the format of the email, it can be difficult for a common user to differentiate a trusted email from a fraudulent one.

In this sense, due to the lack of authentication in the SMTP protocol, Email Spoofing attacks have been very common over the years, which is why the main email providers have implemented a series of algorithms and techniques in order to detect and alert users in the event of a suspicious email. Among the main ones are SPF (Sender Policy Framework), DKIM (Domain Key Identified Mail), DMARC (Domain-Based Message Authentication, Reporting, and Conformance).

Through social engineering techniques, these types of attacks are used to deceive the victims; however, the content of fraudulent emails usually lacks proper wording and in many cases contains spelling mistakes and writing inconsistencies. The safest way to avoid this type of attack will always be to keep an updated antivirus, maintain a reasonable posture of skepticism and in case of suspicion, avoid providing personal information or downloading attachments until the authenticity of the sender is verified.

If you have been the victim of one of these attacks or suspect that there is malicious software on your computer equipment, including smartphones, do not hesitate to contact us and we will advise you to avoid this type of attack and protect your devices.

Always ask yourself, is this real?