How does email spoofing know who to spoof?

412 viewsOtherTechnology

When I get a spoofed email from someone it’s easy to spot but how do they know who to spoof?

So this morning I got an email from my brother in law, they used his name, but obviously not his address.

My question is how did they know to use his name? Is his email compromised and that’s how they got his name and my email address or is the compromise on my side, or is it as simple as email is easy to read the to from and nothing is necessarily compromised?

In: Technology

6 Answers

Anonymous 0 Comments

Email addresses are not generally considered private or secure information, and as such are relatively easy to scrape from various groups/forums/websites/etc. A compromised machine may help compile those lists, but it’s generally not necessary.

So then you can end up with many different groups of email addresses from various sources. What the spammers can then do if they wish is to send out their spam to all of the groups, but have their software pick one name out of each group to send to that group, thus increasing the chance that you “recognize” the name and thus give it a little more legitimacy. You notice it when that tactic works, but don’t notice it when it’s from someone you don’t know who happened to have an account on a gaming forum you joined a few years back but have stopped going to.

You are viewing 1 out of 6 answers, click here to view all answers.