How does email spoofing know who to spoof?

416 viewsOtherTechnology

When I get a spoofed email from someone it’s easy to spot but how do they know who to spoof?

So this morning I got an email from my brother in law, they used his name, but obviously not his address.

My question is how did they know to use his name? Is his email compromised and that’s how they got his name and my email address or is the compromise on my side, or is it as simple as email is easy to read the to from and nothing is necessarily compromised?

In: Technology

6 Answers

Anonymous 0 Comments

All those data leaks you hear about? They get compiled into massive databases and used for this purpose. You see two people in the same state with the same last name? Probably know each other, so spoof emails from one to another. Get someone’s contact list from a Facebook dump or phone malware? Add those connections to the database! If they don’t know each other, no big deal since you’re sending out a few million of them anyway.

The Equifax databreach was a gold mine for this — All that personal information that the credit agencies collect on everyone — addresses, bank accounts, employment history, cosigners, etc. All in one convenient location, and it’s not that hard to build these kinds of connections from that data that can then be used for whatever scam they want to try.

You are viewing 1 out of 6 answers, click here to view all answers.