How does email spoofing know who to spoof?


When I get a spoofed email from someone it’s easy to spot but how do they know who to spoof?

So this morning I got an email from my brother-in-law; they used his name, but obviously not his address.

My question is how did they know to use his name? Is his email compromised, and that’s how they got his name and my email address, or is the compromise on my side, or is it as simple as the “to” and “from” of an email being easy to read and nothing is necessarily compromised?


6 Answers

Anonymous

They have scraped “association lists” from things like Facebook (if you or one of your friends doesn’t have their Friends list set to private, for example). And there are other lists of e-mail addresses with matching names that your friends are listed on. And finally, there are lists of e-mail addresses on e-mail servers that don’t require credentials to send e-mails (the spoofing address).

Then they can just brute force something like this:
Your Name (with spoofed return e-mail) to Your Friend (with their actual matched e-mail).

They’ll send one out to every person on your association list that has a matched e-mail address.

When a recipient gets the e-mail, it will look like you sent it to them, and it includes a vague but plausible subject and message (“Hey check out these photos!” — I got one like this just this morning.)

But if you look at the actual sender e-mail address, it won’t have anything to do with your friend’s name, it will be somebody else. And they don’t want a reply, they want you to open the file or go to the link, to run some malware.
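
The mismatch this answer describes (a familiar display name on an unrelated sender address) can be checked mechanically on the receiving side. The following is an added example, not part of the original answer; the address book, the contact names and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses the recipient knows are real.
KNOWN_CONTACTS = {
    "john smith": {"john.smith@example.com"},
    "maria lopez": {"maria@example.org", "mlopez@example.net"},
}

# Constructed sample messages; only the From header matters for this check.
SPOOFED = ('From: "John Smith" <photos4u@mailer.invalid>\n'
           'To: me@example.com\nSubject: Hey check out these photos!\n\nSee link.\n')
GENUINE = ('From: John  SMITH <John.Smith@example.com>\n'
           'To: me@example.com\nSubject: Dinner on Sunday\n\nSee you then.\n')
STRANGER = ('From: "Sales Team" <offers@shop.invalid>\n'
            'To: me@example.com\nSubject: Weekly deals\n\nHello.\n')


def normalize_name(name):
    """Lower-case and collapse whitespace so 'John  SMITH' matches 'john smith'."""
    return " ".join(name.lower().split())


def check_from_header(raw_message, contacts=KNOWN_CONTACTS):
    """Compare the From display name with the address that actually follows it.

    Returns:
      'known'         - name and address both match a contact on file
      'name-mismatch' - a contact's name is used with an address not on file
      'unknown'       - the display name is not in the address book
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    name = normalize_name(display)
    if name not in contacts:
        return "unknown"
    if address.lower() in contacts[name]:
        return "known"
    return "name-mismatch"


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("stranger", STRANGER)):
        print(label, "->", check_from_header(raw))
```

A `name-mismatch` result is the case in the question: the right name, the wrong address. A `known` result only means the header text matches the address book; the From header is written by the sender, so it is not proof of who sent the message.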
