Kazmarek

Free Site Analysis 1-858-952-5400
REMOTE ASSISTANCE
  • Home
  • OnGoing Management
  • IT Services
    • Microsoft 365, Exchange Services, and Consulting
    • Cloud Solutions
    • Virtualization
    • Mobility
    • Backup & Disaster Recovery
    • Server Installation/Migration
    • VoIP
    • Network & System Administration
    • Additional Solutions
  • Why Kazmarek
    • Case Studies
    • Testimonials
    • KTS Values
  • For Clients
    • O365 Log In
    • Client Portal
    • KTS Documents
    • SonicWALL VPN Client
  • News
    • Newsletters
  • Who We Are
    • Company
    • Team
    • KTS E-Award Winners
    • KTS Values
    • Charities We Support
  • Contact Us
    • Contact Us
    • Careers

Issue No. 70May 2018

 

Email Spoofing

Email spoofing basically comes down to sending emails with a false sender address. This can be used in various ways by threat actors. Obviously pretending to be someone else can have its advantages especially if that someone else holds a position of power or trust with regards to the receiver.

Why spoof the sender address?
Although most well-known for phishing purposes, there are actually several reasons for spoofing sender addresses:
  • Hiding your true identity, although if this is the only goal it can be achieved easier by registering anonymous mail addresses.
  • Easy to rotate. If you are spamming, you are bound to be blacklisted quickly. If you’re able to switch sender addresses, who cares?
  • Pretending to be someone the receiver knows. This can be used to ask for sensitive information or just plain orders to transfer funds.
  • Pretending to be from an organization the receiver has a relationship with. Phishing attempts to get hold of bank login details etc. are the most common example.
  • To give the sender a bad name. Sending out insults or other messages that put the so-called sender in a bad light.
  • Identity theft. Being able to send messages in someone’s name can be the start of an identity theft procedure.
How are they (the bad guys) able to pull it off?
One way to spoof emails is if the evil-doer finds a mail server that has an open SMTP (Simple Mail Transfer Protocol) port.
SMTP itself lacks authentication so servers that are poorly configured in this way are prey to abusers. And there is nothing that can stop a determined attacker from setting up his own email server.
Having done that there is – freely available – software that will allow you to use any sender address you like. The receiver would have to check the full headers of the mail to find out whether the mail came from the “real sender” or if it was spoofed. This takes some knowledge and time, that you probably do not want to spend on every incoming mail. In these cases however replies go to the actual handler of the email address and not the attacker.
That is why, in cases like CEO/CFO fraud you will often see that the attackers registered a domain very similar to the one of the company they were trying to trick.
A difference in the domain that could be easily missed by the intended victim, like for example Ka$mare$.com.That will enable them to get any replies from their victim in case they were asked for more information or confirmation.
Source: Malwarbytes
To learn about the layers that you can put in place to protect
your company from email spoofing, contact us at:
Phone: 858-952-5400 x0
Email: [email protected]   

Testimonials

Testimonials

“We’re building a solid IT foundation to be able to go where we need to be for growth and success. I couldn’t be more pleased with KTS’s performance and progress on our IT Projects.”

Shawn Ellis, CFO Custom Logos

Testimonials

“Both company email migrations have were completed without a problem. Thanks to your team both transitions went smooth.Everyone with your group are both knowledgeable and professional, and you should be proud of the organization you are building.”

John Sonnen, IT & Security Director Child Safety Network

Testimonials

“We have been using KTS for our IT support for about a year now, and we are very pleased with the service we have received. Chris has been our first line person, and has been able to resolve issues quickly, and often remotely, which helps reduce costs. Our staff has really appreciated his fast response and resolution to the issues that have come up. We have also appreciated that there are other folks at KTS who can fill in if Chris is out. Thanks to all!”

Suzy Halleland, Executive Administrator Village Church

Testimonials

“I think you know we have been very happy with your service and are very grateful to have been referred to you guys. But on a more personal note, I want you to know that Kevin in your office has provided a service for us that is way over the top.”

Jeff Golumbuk, CEO Custom Logos

Testimonials

“I just wanted to thank you and your staff for the excellent service and work provided by KTS.  It has been night and day compared to our old third party IT consultant.”
Nick Walters, VP Project Management West Coast General Corp.

Testimonials

“I wanted to let you know that I am absolutely delighted with the service we have received from you and your team so far. I know we put you in a tough position with such short notice of having to jump in and take over, and we really appreciated that. But there are many other reasons as well. First, I’m so glad they discovered the hard drive problem right away, as that could have caused us a huge issue as you well know. Second, everyone that I’ve had the pleasure to work wi… Read more
Jo Barsa, CPA Barsa & Company

Testimonials

“Kazmarek is fantastic!  I’ve used every size of IT company over the past 20 years and Kazmarek is by far superior to all I’ve used.  We are extremely happy with their service and expertise.  One of the things I like most about them is that they have engineers available to respond to our prioritized needs but they also wanted to give us the best customer service possible so they went above and beyond and put in place an escalation plan so that if I feel the response time i… Read more
Marisa Janine-Page, Partner Caldarelli Hejmanowski Page & Leer LLP

Testimonials

“I have thoroughly enjoyed working with the Kazmarek team through the years! They are responsive and have a great team to work with, whether it’s day-to-day IT needs or special projects. ”
KC Martin, HR Director Full Swing Golf

Testimonials

“As a local San Diego business, we were looking to partner with another local business after our IT needs just weren’t being met with a nationwide provider. We could not be happier with our decision since KTS has been very swift, attentive, and collaborative with our IT needs over the past three years. Their engineers, support desk, and managers are patient and able to effectively communicate issues and solutions to a layperson which speaks volumes about their hiring and customer… Read more
Carrie Lamb, Project Manager Chuao Chocolatier

When Was Your Last Backup?

When Was Your Last Backup?

If you don’t know, you’re not alone.
Find out more

Join Our Newsletter

Join Our Newsletter

Free On-Site Analysis

Free On-Site Analysis

Contact us to receive a 1-hour complimentary evaluation.
Learn more here.
  • This field is for validation purposes and should be left unchanged.

Copyrights: © 2023 Kazmarek. All rights reserved.

Designed by TinyFrog & N Halie Designs