The Basics of the Tools Used in Attacks 

The previous module was primarily a discussion of the email-based attack types used by criminals. These attacks draw on a fairly common toolbox of tactics to fool you into being their next victim, and the tactics can be used interchangeably to exploit vulnerabilities. Here are the basics of the tools criminals use to carry out their attacks.

Email and Domain Spoofing

Spam has been around for a surprisingly long time.

The key idea behind spoofing is that the email comes from someone who isn’t who they claim to be, in a way that makes it really hard for the average user to recognize the impersonation. Another aspect is that the sender appears to be a very familiar entity to the receiver, which makes the receiver lower their guard. Domain spoofing could involve the criminal using lookalike domains, such as sending an email from sales@PaypaI.com. Did you notice there was a capitalized “i” in PaypaI, instead of a lowercase “L”? There are shortcomings with the email structure (as we laid out earlier) that enable this. There are also many ways the criminal can trick you into believing they represent a brand, and spotting them requires more than the naked eye.
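One way a mail filter can catch the PaypaI trick described above, as an added example that is not part of the original module. The brand list, the confusable-character map and the function names are assumptions made for illustration.

```python
"""Added example: flag From addresses whose domain visually imitates a brand."""

# Hypothetical list of brand domains the organisation wants to protect.
PROTECTED = ("paypal.com", "microsoft.com")

# Glyphs that look alike in common fonts, folded to one representative (constructed map).
CONFUSABLE = {"I": "l", "1": "l", "|": "l", "0": "o"}
SEQUENCES = {"rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    # Fold before lowercasing: a capital "I" must become "l", not "i".
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in domain).lower()
    for seq, rep in SEQUENCES.items():
        folded = folded.replace(seq, rep)
    return folded


def classify_sender(address: str) -> str:
    """Return 'exact', 'lookalike:<brand>' or 'unknown' for a From address."""
    displayed = address.strip().strip("<>").rsplit("@", 1)[-1]
    actual = displayed.lower()  # DNS ignores case: this is the domain really in use
    if actual in PROTECTED:
        # Exact match only; it does not prove the header itself was not forged.
        return "exact"
    for brand in PROTECTED:
        if skeleton(displayed) == skeleton(brand):
            return f"lookalike:{brand}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, including the one from the text above.
    for sender in ("sales@PaypaI.com", "sales@paypal.com",
                   "billing@rnicrosoft.com", "news@example.org"):
        print(f"{sender:28} {classify_sender(sender)}")
```

The fold runs on the address as it is displayed, because that is what the reader sees; the domain actually in use for PaypaI.com is paypai.com.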

Email Attachments

Email attachments are increasingly used for a variety of malicious ends and offer criminals easy access to your computer and network. This can happen if you download a Microsoft Office document attached to an email that contains scripts (also known as macros). The document can then install malicious scripts onto your computer, which can result in a very wide range of malware. More simply, scammers can send invoices attached to urgent messages; while these have a very low success rate, they do work (more on that later).

Email Impersonation

Commonly used in phishing scams, these will fool all but the most discerning eye into believing they are from a trusted sender. These will mimic the design that recipients expect, with an urgent call to action.

Invoice scams would also fall under this category where the invoice looks like it comes from a supplier you are familiar with and actually use, but once downloaded might install malware (or just get you to unwittingly send money to a criminal).

Malicious URLs

If a criminal can get you to click on a link in an email, their likelihood of success increases significantly. To do so, they will go to lengths to hide the true URL through a variety of technical means. Their goal is to get you to think you are heading to one site when you actually wind up on another, one that may install malware on your computer, ask for confidential information or expose you to other cyber security threats.

Website-Based (or “Hosted”) Threats

Like we said previously, if the criminal can get you onto his or her turf, they can trick you in many ways. On a phishing website, a scammer will make you think you are on a familiar site or with a familiar company and ask you for information they can later use against you. Credential phishing is one very common form of this, where they’ll often ask you to reset a password (and you will enter it into a form controlled by the criminal). Other techniques could be fear-based (“your computer has been infected, install this software”) or running malicious scripts in the background. URLs may also be delivered via email as benign at first, but then malware can be uploaded to destination sites after the fact.

Targeted Email Threats aren’t going away, but they can be mitigated.

Social Engineering

As a tool, social engineering is an increasingly menacing technique used to bypass a target’s usual defences. It can be automated if the criminal has enough information, such as websites you’ve visited or a piece of confidential information, and it generally plays off a target’s weaknesses.

It can also show up as cyber-assisted fraud, where an email will start the process, and be used to weed out “uninterested” recipients, while those that have taken the bait will be groomed for maximum damage.

Learning to be Skeptical

These are different vectors, and some are easier than others to ward off. There are ways to develop an eye for identifying malicious emails that we will touch on in the next module. That, along with a healthy dose of skepticism and awareness of the basics, will keep you on the straight and narrow.
