Wednesday, June 22, 2016

More than half of companies are vulnerable to mail spoofing

It's the biggest tool for the feared "CEO fraud": the possibility of impersonating the emails of senior executives to send orders to their employees, such as transferring millions without a second thought. More than half of the top 500 Alexa domains are vulnerable to impersonation of other people's or entities' email addresses, better known as "email spoofing".

According to SecurityWeek, the security firm Detectify has found that more than half of the top 500 domains ranked by Alexa are vulnerable to this attack, specifically 276 of the 500 domains, because their owners have not configured their email servers properly. Email spoofing is a fundamental tool for spam, fraud and, in general, all kinds of phishing, including spear phishing.

According to Wikipedia, the email spoofing technique is "as simple as the use of an SMTP server configured for this purpose. To protect ourselves we should check the sender IP (to find out whether this IP really belongs to the entity of the message) and the address of the SMTP server used".

The cybersecurity industry has created various validation and authentication systems to fight email spoofing and prevent emails from being sent as if they came from legitimate domains. Among the most effective, the Sender Policy Framework (SPF) has stood out for years: it allows an administrator to specify which servers are permitted to send email using a given domain.

Other authentication methods are DomainKeys Identified Mail (DKIM), based on cryptography, and Domain-based Message Authentication, Reporting and Conformance (DMARC), a system complementary to SPF and DKIM. The world's main domains fail to apply and configure these methods correctly, according to Detectify's research; the company has contacted the affected domains to get the problem fixed.
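The two paragraphs above describe what SPF and DMARC do without showing how a receiving server actually evaluates them. The following script is an added example (not code from the article, from Detectify or from SecurityWeek) that implements the core of an SPF check, the `ip4`/`ip6`, `include` and `all` mechanisms with their `+`/`-`/`~`/`?` qualifiers, parses a DMARC record, and classifies how well a domain's published records stand up to spoofing. All DNS TXT records are constructed and kept in an in-memory dictionary so the script runs offline; the domain names and IP addresses are reserved documentation values, and the posture labels are this example's own, not the criteria Detectify used for its 276-of-500 figure.

```python
import ipaddress

# Constructed stand-ins for DNS TXT lookups (assumed, not real records).
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "weak.example": "v=spf1 +all",                    # anyone may send
    "soft.example": "v=spf1 ip4:203.0.113.5 ~all",    # softfail, no DMARC
    "strict.example": "v=spf1 ip4:192.0.2.9 -all",    # hard fail, no DMARC
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, records=TXT_RECORDS, depth=0):
    """Return the SPF result for sender_ip claiming to send mail as `domain`.

    Implements the subset of RFC 7208 needed here: ip4/ip6, include and the
    'all' mechanism with qualifiers. Unknown mechanisms are skipped; a missing
    record gives 'none', and a broken include chain gives 'permerror'.
    """
    if depth > 10:                                  # RFC 7208 lookup limit
        return "permerror"
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                             # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # A bare address becomes a /32 or /128; version mismatch never matches
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # 'include' matches only when the referenced record evaluates to pass
            sub = spf_check(arg, sender_ip, records, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"
        elif name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                                # no mechanism matched


def parse_dmarc(domain, records=TXT_RECORDS):
    """Parse the _dmarc.<domain> TXT record into a tag dict; None if absent."""
    record = records.get("_dmarc." + domain)
    if record is None or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def spoofing_posture(domain, records=TXT_RECORDS):
    """Classify a domain's published anti-spoofing records (labels are ours).

      'unprotected'  no SPF record, or SPF ends in +all
      'enforced'     SPF present and DMARC policy is quarantine or reject
      'spf-only'     SPF ends in -all but no DMARC policy is published
      'partial'      SPF ends in ~all / ?all and no DMARC enforcement
    """
    spf = records.get(domain, "")
    if not spf.lower().startswith("v=spf1") or spf.split()[-1] in ("+all", "all"):
        return "unprotected"
    policy = (parse_dmarc(domain, records) or {}).get("p", "none").lower()
    if policy in ("quarantine", "reject"):
        return "enforced"
    if spf.split()[-1] == "-all":
        return "spf-only"
    return "partial"


if __name__ == "__main__":
    for name in ("example.com", "weak.example", "soft.example", "strict.example"):
        print(f"{name:16s} {spoofing_posture(name)}")
    print("192.0.2.77 as example.com  ->", spf_check("example.com", "192.0.2.77"))
    print("203.0.113.5 as example.com ->", spf_check("example.com", "203.0.113.5"))
```

The SPF result alone only says whether the connecting server is authorised for the envelope domain; it is the DMARC policy that tells a receiver what to do on failure and ties the check to the From header the recipient actually sees. That is why a domain with SPF but no DMARC enforcement still ends up in the weaker categories above, which is the misconfiguration pattern the article describes.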
