The Mumbai Police has issued an advisory for citizens, alerting them about different types of forged email attacks. With such fake communication, cyber attackers can gain access to personal credentials and the entire device of targets, said cops.
Labelling forged emails “one of the most dangerous types of email attacks”, the advisory said, “Typically, this scam starts with a spam or phishing message. Using a malicious link or an attachment, the attacker gains access to your credentials or device. At this early stage, criminals often use different types of malware to gain control over your computer. Then, with free access, they can send emails as if they were you.”
Forged Envelope Sender Attack
Explaining the forged envelope sender attack, one type of forged email attack, the advisory said that the envelope sender is generally an address used by your mail server, so it may or may not be visible to you, depending on your email provider. When a criminal falsifies the envelope sender, the fraudster is trying to use the domain of a known company to earn your trust and bypass the mail server's filters.
Forged Header Sender Attack
The next type is the forged header sender attack. “A header sender is the address that appears in your mail application. Unlike the envelope sender, it's always visible to the end user. The goal of a forged header sender and envelope sender attacks is the. The difference between them is that spoofing the display name of the sender gives more credibility to the scam, since people trust what they can see and read,” said the advisory.
Cousin Domain Attack
The third type is the cousin domain attack, or similar domain attack. It happens when the criminal tries to trick you by using a domain that looks like the real one. This type of fraud involves adding characters to, or removing them from, the address. “The free email account attack uses a valid free email account, such as Yahoo and Gmail, to deceive people. For example, the scammer may impersonate a director of a company, saying that he is using a personal email because he was unable to access the company's network,” said the advisory. The target is more vulnerable to such an attack because the mail is sent from a valid address, so it does not get stuck in filters and authentication protocols.
The best way to fight forged email attacks is to use different search engines, anti-spam and anti-virus software, and the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols, the advisory concluded.
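The sender checks a mail filter or analyst can run for the attack types described above, as an added example that is not part of the advisory: it compares the envelope sender (recorded in the `Return-Path` header on delivery) with the header sender, measures how close an unknown domain is to a trusted one, and spots a known staff name on a free email account. The `TRUSTED`, `FREEMAIL` and `STAFF` lists and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example.com"}              # assumed: domains the organisation sends from
FREEMAIL = {"gmail.com", "yahoo.com"}  # assumed: free email providers to watch
STAFF = {"asha rao"}                   # assumed (constructed) staff display names

def edit_distance(a, b):
    """Levenshtein distance: characters added, removed or substituted."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def classify(raw):
    """Return warning flags for one raw message (signals, not verdicts)."""
    msg = message_from_string(raw)
    display, header_addr = parseaddr(msg.get("From", ""))
    # Return-Path is where the receiving server records the envelope sender.
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    header_dom, envelope_dom = domain_of(header_addr), domain_of(envelope_addr)
    flags = set()
    # Strict comparison; mailing lists and bulk senders legitimately differ.
    if envelope_dom and envelope_dom != header_dom:
        flags.add("envelope-header-mismatch")
    if header_dom not in TRUSTED:
        if any(edit_distance(header_dom, t) <= 2 for t in TRUSTED):
            flags.add("cousin-domain")
        if header_dom in FREEMAIL and display.strip().lower() in STAFF:
            flags.add("freemail-impersonation")
    return flags

def sample(return_path, from_header):  # builds one constructed message
    return f"Return-Path: <{return_path}>\nFrom: {from_header}\nSubject: Invoice\n\nPlease pay today.\n"

SAMPLES = {  # all constructed
    "legit": sample("asha@example.com", '"Asha Rao" <asha@example.com>'),
    "forged_header": sample("bounce@mailer.invalid", '"Asha Rao" <asha@example.com>'),
    "cousin": sample("asha@examp1e.com", '"Asha Rao" <asha@examp1e.com>'),
    "freemail": sample("asha.rao.director@gmail.com", '"Asha Rao" <asha.rao.director@gmail.com>'),
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sorted(classify(raw)))
```

A message that passes all three checks can still be forged; these flags complement SPF, DKIM and DMARC results rather than replace them.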