The wave of bogus e-mails: the number of attacks with fake sender e-mail addresses almost doubled between April and May 2021 June 15, 2021 Counterfeit sender e-mail addresses are the creation of fake e-mail addresses that look real force deceived users to act in favor of attackers. This may include downloading malware, providing access to systems or data, providing personal information, or transferring money.
Often, these fake emails appear to have come from reputable organizations, endangering not only the victims but also the reputation of the companies whose domain has been misused. In addition, spoofing a sender’s email address can be part of a wider range of multi-stage attacks, such as corporate docking. And the number of these attacks is growing.
Between April and May 2021, the total number of attacks with fake sender email addresses almost doubled from 4440 to 8204. These types of attacks can be carried out in different ways. The simplest is the so-called real domain forgery. Someone puts the domain header of the organization they pretend to be in the “No” row, making a fake email address extremely difficult to distinguish from the real one. However, if a company has implemented one of the latest mail authentication methods, attackers will have to resort to another method. It can be a falsification of the display name when attackers pretend to be the person sending the email, that is, making the email look like it was sent by a real company employee.
More sophisticated spoofing attacks involve similar domains: Attackers use certain registered domains that look similar to the domains of real organizations.
Example email from a similar domain
In the previous example, the attackers sent an e-mail that appears to have come from the German postal company Deutsche Post. (deutschepost.de). The e-mail says that you have to pay for the delivery of the package, but if you click on the link to do so, you will not only lose 3 euros, but will also give your card details to fraudsters. On closer inspection, users may notice a spelling mistake in the domain name and thus realize that the email is fake. However, this is not possible with Unicode counterfeits.
Unicode is a standard used to encode domains, but if non-Latin elements are used in domain names, these elements are converted from Unicode to another coding system. Thus, at the code level, two domain names may look different, such as kaspersky.com and kaspersky.com with Cyrillic y, but they will both look like “kaspersky.com” in the “No” header line of sent emails.
„Compared to some other methods used by cybercriminals, counterfeiting may seem primitive, but it can be very effective. It can also be the first step in a more complex corporate email hacking attack – an attack that can lead to identity theft and downtime, as well as significant monetary loss. The good news is that there are a number of anti-counterfeiting solutions and new authentication standards that can keep your corporate email secure., ”Comments Kaspersky security expert Roman Dedenok.
Learn more about how to run counterfeit attacks and how to protect yourself „Securelist”.
To reduce the risk of the company becoming a victim of counterfeiting, Kaspersky experts recommend the following:
-
Use a corporate email authentication method such as SPF, DKIM and DMARC.
-
Master security awareness course, which covers e-mail security. It helps teach employees to always check the sender’s address when they receive emails from strangers, as well as introduce them to other basic rules.
-
If you use the Microsoft 365 cloud service, don’t forget to protect it.
Par „Kaspersky”
„Kaspersky is an international cyber security and digital information protection company founded in 1997. Kaspersky’s deep threat awareness and security expertise is constantly evolving into innovative security solutions and services to protect businesses, critical infrastructures, governments and consumers around the world. The company’s comprehensive security range includes the best terminal protection and a number of specialized security solutions and services to combat complex and changing digital threats. More than 400 million users are protected by Kaspersky technology, and we help 240,000 corporate clients to protect what is most important to them. Learn more at www.kaspersky.com.
„Kaspersky”
–
