Email spoofing involves the falsification of an email’s header with the intention of fooling a recipient into believing the message was sent from somewhere or someone other than the actual source. Core email protocols have no built-in method of authenticating the sender, which makes email a common tool for threat actors and spammers, who use spoofing to dupe recipients into accepting the claimed origin of a message. From annoying and time-wasting spam that clogs up inboxes to the more barbed threat of phishing emails designed to steal credentials and deploy malware, spoofed addresses can be exceptionally harmful to enterprises.
The end goal of spoof emails is to make recipients open and, if possible, respond or interact with them, but just how easy is this trick to perform? The truth is that spoofing an email address is not complicated at all and can be completed in a matter of minutes. In the following sections, we will explore the simple steps a scammer can take to forge an email address and fool their victims.
Acquiring a target and designing an attack
Hackers and spammers seeking to spoof an email address will first need to decide on their target. Whether this is an individual or an entire list of victims, they will need to know who they are targeting before picking the email address they will spoof. Precisely who the recipient of the spoof email is will help inform the hacker on who or where an email should appear to be sent from. This makes messages more credible and increases their chance of success.
For example, a director of a healthcare facility who receives an email from the World Health Organisation might not notice anything awry, or a user who gets mail from their line manager may respond without thinking.
In early spamming campaigns seen by cybersecurity firms, members of the public were contacted by random messages from less plausible sources, such as foreign diplomats and governments requesting funds. Today’s phishing campaigns using spoofed emails are becoming more focused and harder for even professionals to identify, with social engineering techniques that draw on a blend of stolen personal and publicly available information to trick recipients.
With their target selected, hackers can then track down an email address to spoof that is tailored to their victim. Sometimes email addresses employed in spoofing are entirely accurate to the ones they impersonate. Many organisations’ and institutions’ email addresses are readily available for forging, while others can be appropriated by hackers through infiltrating company networks. In other cases, scammers will approximate addresses using prefixes like ‘info’ or ‘security’, which can sometimes bypass dedicated email filters and fool victims.
Obtaining the tools for the task
With their target acquired and an email address that might appear authentic to recipients in hand, the next step for hackers is to purchase the means to make their attack. The tools required to spoof an email address are not difficult for a scammer to get hold of and are completely legal to purchase.
Firstly, they will need a Simple Mail Transfer Protocol (SMTP) server, and secondly, some software designed for mailing. Spammers can contact a dependable web hosting service that will readily supply them with an SMTP server for their personal use. It is also possible for a scammer to install an SMTP server on a system they already possess, making use of port 25. This port is utilised for outgoing email traffic but is typically blocked by Internet Service Providers (ISPs). The reason for this is to prevent attacks by threat actors using malicious software designed for mass email.
As for the mailing software, it is just as easy for scammers to access and is incredibly simple to employ. An example of mailing software is the PHP Mailer: easily available, it is a commonly used, open-source PHP library capable of sending out emails in PHP code from a nominated web server. Supremely simple to get the hang of, it features an easy installation process and includes detailed instructions for its use, along with a web interface that has been specifically designed to be user-friendly.
The simplicity of spoofing an email address
The scammer has now identified who their target is, sourced an appropriate email address to forge and has successfully acquired an SMTP server, plus appropriate mailing software. This means they are ready to spoof an email address and send out a message to try to trick their victim.
Opening the PHP mailer, the hacker or spammer must enter their target’s email address in the field marked ‘To’ and enter the email address they want to pretend to be sending from in the ‘From’ field. After inputting these details, they can then move on to compose their content.
This might involve requests for personal information, such as credit card numbers and passwords, or it might ask recipients to make supplier payments to a new account. The content may also contain malicious links that either download ransomware to the recipient’s device if clicked on or take them to a spoofed website. Following the link, the user finds a sign-in form on what resembles a real webpage and unwittingly imparts their confidential credentials.
With their missive complete and any malicious links or attachments added, the scammer only has to hit send. When the email arrives in the target’s inbox, it will look, to all intents and purposes, as if it came from the authentic email address spoofed by the hacker.
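The recipient's side of the scenario above, as an added example that is not part of the original article: although the visible ‘From’ field can be forged, the message headers still record the envelope sender and the receiving server's authentication verdicts, and a mail filter can compare them. The sample message, its domains and the TRUSTED_AUTHSERV value are constructed for illustration, and the code assumes the receiving server stamps an Authentication-Results header on inbound mail.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.test"  # assumption: id of your own receiving server

# Constructed sample: the From header claims example-bank.test, but the
# envelope sender and the receiving server's checks point elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.test;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example-bank.test
From: "Accounts Team" <security@example-bank.test>
To: victim@recipient.test
Subject: Updated supplier payment details

Please use the new account below.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results stamped by the trusted server only."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, *results = [p.strip() for p in header.split(";")]
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # a sender can inject its own forged header; ignore it
        for part in results:
            method, _, rest = part.partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def spoofing_indicators(raw):
    """List reasons to distrust the From header of a raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    verdicts = auth_verdicts(msg)
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append(f"envelope domain {env_dom} differs from From domain {from_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            reasons.append(f"{method}={verdicts.get(method, 'missing')}")
    return reasons
```

The exact-match domain comparison is stricter than DMARC's relaxed alignment, and legitimate third-party mailing services also produce a differing envelope domain, so treat the results as indicators to weigh rather than as a verdict.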
Next generation email security
At Galaxkey, we have built the ultimate secure platform for email protection. Featuring powerful multi-layer encryption to block access from unauthorised viewers and keep confidential information safe, our system also includes additional features to protect staff from scammers. Our cutting-edge solution allows email recipients to verify senders and assess if email contents have been altered, as well as track messages at every stage of their journey. Contact our expert team today to sidestep the latest strategies deployed by scammers and hackers.