{"id":63967,"date":"2022-12-22T12:36:40","date_gmt":"2022-12-22T11:36:40","guid":{"rendered":"https:\/\/blog.mailfence.com\/o-que-e-email-spoofing\/"},"modified":"2024-10-23T12:07:03","modified_gmt":"2024-10-23T10:07:03","slug":"o-que-e-email-spoofing","status":"publish","type":"post","link":"https:\/\/blog.mailfence.com\/pt\/o-que-e-email-spoofing\/","title":{"rendered":"O que \u00e9 email spoofing e como identificar emails falsos?"},"content":{"rendered":"\n
\"Email<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Email spoofing is a cyberattack in which a malicious actor impersonates a legitimate sender. They hide their identity by sending an email from a fake email address.<\/strong> They trick you into believing the email address is genuine<\/strong>. How does it work, and how to spot and prevent email spoofing? Let’s have a look.<\/strong><\/p>\n\n\n\n

What is Email Spoofing?<\/h2>\n\n\n\n

Email spoofing is a very popular cyberattack tactic that is often used in phishing<\/a> campaigns and many other social engineering<\/a> schemes.<\/p>\n\n\n\n

The idea is very simple. You are much more likely to open and respond to an email if you think it came from a legitimate and known sender. Therefore, the point is to send a fraudulent email from a seemingly genuine sending address. <\/p>\n\n\n\n

It can be a colleague, family member, boss, service, or brand you are using, etc. Basically, anyone you might trust and whose email you’re likely to open and reply to without double-checking.<\/p>\n\n\n\n

How does Email Spoofing Work?<\/h2>\n\n\n\n

Email spoofing is notoriously easy to do as it only requires a common email platform like Gmail or Outlook and an SMTP (Simple Mail Transfer Protocol) server.<\/strong><\/p>\n\n\n\n

The reason why it works is that SMTP has no way to authenticate the sender’s email address, which allows the hacker to forge the email header<\/a>, specifically the FROM, REPLY-TO and RETURN-PATH fields.<\/p>\n\n\n\n

There are three ways that an email can be spoofed:<\/p>\n\n\n\n

Via the Display Name<\/h3>\n\n\n\n

This type of email spoofing is the most common and easiest to do. In it, the hacker first opens a new email account (usually Gmail) with the same name as the person or brand that they want to impersonate.<\/p>\n\n\n\n

For instance, you might get an email from Elon Musk that looks like this:<\/p>\n\n\n\n

\"Email<\/figure>\n\n\n\n

Obviously, if you think that Elon Musk has no better recruitment process than randomly emailing strangers, then you’re extremely naive. But this tactic still works for a number of reasons.<\/p>\n\n\n\n

Namely:<\/p>\n\n\n\n

    \n
  1. It comes from a legitimate email address<\/strong>. This is just a Gmail account I created in less than a minute and used to send an email as “Elon Musk” to another of my accounts to show how easy it is. As a result, the email didn’t go to the spam folder, but straight to the inbox.<\/li>\n\n\n\n
  2. It exploits the email user interface. <\/strong>Since the user interface will only show the display name and not the actual sender’s email address or metadata, along with the subject line and part of the message, anyone can impersonate someone like Elon Musk this way.<\/li>\n<\/ol>\n\n\n\n

    Via Lookalike Domains<\/h3>\n\n\n\n

    Of course, anyone can create a Gmail account, but most businesses use a custom email domain.<\/p>\n\n\n\n

    For example, let’s say a business uses the domain @business.co.<\/p>\n\n\n\n

    All an attacker has to do is create a similar domain, like @bvsness.co and by changing just one character, make their email look like it comes from a legitimate brand to an untrained or inattentive eye.<\/p>\n\n\n\n

    Very often, this type of spoofing is used to trick users into revealing their passwords or to transfer money to the attacker by impersonating a legitimate company.<\/p>\n\n\n\n

    Via Legitimate Domains<\/h3>\n\n\n\n

    Still, you can easily spot email spoofing via lookalike domains if you just pay a little attention to the domain itself.<\/p>\n\n\n\n

    However, hackers can also use legitimate domain names to make their emails even more believable.<\/p>\n\n\n\n

    Again, this is because SMTP has no way to authenticate the sender. The hacker can manually specify the FROM field to look like it comes from someone working in a specific company, whereas they don’t.<\/p>\n\n\n\n

    Why Would Someone Spoof Emails?<\/h2>\n\n\n\n

    The obvious answer to “why would someone spoof emails?” is because they want to hide their true identity and impersonate someone else, all in order to facilitate illegal or malicious gain.<\/p>\n\n\n\n

    They have various reasons for doing so:<\/p>\n\n\n\n