
How spammers Spoof your Email Address?


Cyb3rShot

So did you ever get a piece of junk mail and it appears to come from you or from a friend of yours, or perhaps you got a message from a friend of yours saying I've got a piece of spam and it looks like you sent it? Maybe your computer is infected, maybe your email account has been compromised.
Well, when you get a piece of email that is coming from somebody different than who actually sent it, it is called email spoofing. It's incredibly easy to do.

So easy to do that any spammer is going to actually spoof their email address. They are never going to use their real email address when they send out spam. Very often they are going to use a real email address from somebody else, maybe somebody you even know, just to get you to open the email.
So, the false assumption many people have is that when you get a piece of email it says it is from somebody and you think it has to be true.
It has to be from that person. Well, it's not true at all. You can fake that very easily. As a matter of fact it is just as easy to do with an email as it is to do with physical mail. With physical mail you put the return address here and it's supposed to be who this is from.

But you can write anything you want here. Nobody is going to check that. You can put the President of the United States, the Queen of England, anybody you want here.
It is just as easy to do that in a piece of email. As a matter of fact, for spammers the software they use to send stuff out, that's going to allow them to put anything they want in there. They don't even have to have any technical know-how to do it. So you can't trust the From address in any email that you get.

Most of the time it's going to be right because somebody who sent you a legitimate email is going to want that From to be something accurate because they are communicating with you. But spammers don't care about that. Now let me show you how they can actually get your email address without even compromising your computer at all and make it look like you're sending out spam! So let's look at one way that this could happen. Here we've got Joe and Joe's computer. Joe has friends that he emails.
So you can see here these are Joe's friends and this is a list of all their email addresses. These aren't necessarily in Joe's contacts. These are just, if you look at Joe's email, the email addresses you'll find in the From field of all of the emails that he has ever gotten. In addition to that Joe also has all his work people and he emails them and he has their email addresses on his computer. If you look through his email all those email addresses are there. Also, you've got Joe's Special Interest Group (SIG).

This could be Joe's neighborhood mailing list, this could be a hobby he's got and he subscribes to this mailing list and he communicates with people, or maybe his college buddies and they all email back and forth all the time things about their alma mater. So Joe's got a lot of different email addresses if you search through his email here and they all combine to create all of this data here that is email addresses on Joe's computer.
When put together they're Joe's email data and it's all sitting there on his computer. What happens if Joe gets his computer infected?
Say he is using an old PC and it's out of date and he downloads something he shouldn't and now his machine is infected and he may not even know it. So what's going to happen now is that infection, that malware, is going to go and look at all of his email data and it's going to harvest it.

That may be it for Joe's computer. It may actually harvest all that data and send it somewhere else and Joe's computer doesn't actually do anything from that point on. Or Joe's computer can continue to be, maybe, the agent that sends out spam. So what happens when it sends out spam? Well, it's going to take an email address from Joe's email data. Say this one just at random. Then it's going to take another one. Say this one, and it's going to compose an email. That email could have anything in the From and To fields. So what it's going to do is take this orange email address and it's going to stick it there in the From field.
And it's going to take this purple one and it's going to stick it there in the To field. So now you've got an email that could be sent by Joe's computer, it could be sent by another computer somewhere else, or a server in another country. It doesn't really matter.

It's going to go and make it look like this email is from this orange person to this purple person here and it's going to be spam. What are the chances that this purple person knows this orange person? Well, actually pretty decent since they both know Joe. If you look at all the possible combinations of sending say from this person to this person or this person to this person, or two people over here to two people over here, it's going to send out a whole bunch of emails and a lot of those are going to recognize where it comes from. They are going to think that it comes from somebody they know and thus they are going to be that much more likely to read the email, which is all the spammer wants. The spammer may be sending out a million emails on a given day and maybe a hundred people read them.

If by doing this technique they can trick two hundred people into reading them, well, they could perhaps double their return of whatever it is they're sending out. So that's why they do this. The spammer doesn't care that this person here in orange is going to get an email from maybe this person in purple saying hey I think your computer is infected or I think your email account has been compromised because I just got an email from you. Well it turns out the orange person, their email account isn't compromised, their computer doesn't have any malware. Their email address was just spoofed. They didn't do anything wrong.
There is nothing for them to do. There is nothing they can do. There is a whole bunch of emails that is going to go out from this orange person to all of these people; there is nothing they can do but wait and field a bunch of emails from people saying hey I think you've been compromised.

I'd just say well no I think my email address has just been spoofed and wait for it all to die down. The spammer doesn't care that this is going on. The spammer just cares that maybe a few more people clicked on the links in the body of the email. That makes it all worth it to them even though it is an annoyance to the person in orange. It is, of course, an annoyance to the person in purple. Joe may not even know it's going on. That is just collateral damage in the spammer's attempt to make money.

So what do you do if you get a message from a friend saying that they got spam and it appears to come from you? Well, despite everything I just said you should still look at it as an opportunity to change your email password. This probably has nothing to do with you or your email account or your computer but you should be changing your email password every once in a while anyway. And you should be changing it to something that's always a very strong random password. So look at this as an opportunity to do that. While you're there check things over just to make sure that everything looks legit. Look at your Sent email and make sure that it is just stuff that you've sent, and it probably is. Once you have assured yourself that everything looks okay and you've changed your password then there is nothing to do but wait it out.

Usually these kinds of things happen for a day or two. Maybe your email address gets used a lot and there is nothing you can do to stop it. You just kind of got to wait till you get through the wave of people responding to you or people notifying you about using your email address and then it should all die down because the spammers are going to want to move on to another email address just to keep things going and keep the chance that somebody will open up a spammed email a little bit higher. So it is in their interest to actually move on after a little bit rather than to keep using your email address. So I hope this has been of help in explaining why it may look like spam is being sent out from your account even though it's not.
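
The point above that the From field cannot be trusted, as an added example that is not part of the original post: a small header check a recipient or mail admin could run over a saved message. It assumes the receiving mail server records the envelope sender in `Return-Path` and its own verdicts in `Authentication-Results`; both sample messages, all addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not real mail): the first imitates the spoof above.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.purple.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=orange.example
From: "Orange Friend" <orange@orange.example>
To: purple@purple.example
Subject: check this out

(body omitted)
"""
GENUINE = """\
Return-Path: <orange@orange.example>
Authentication-Results: mx.purple.example; spf=pass smtp.mailfrom=orange.example; dkim=pass header.d=orange.example; dmarc=pass header.from=orange.example
From: "Orange Friend" <orange@orange.example>
To: purple@purple.example
Subject: lunch?

See you at noon
"""

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map method -> result (e.g. {'dmarc': 'fail'}) from Authentication-Results."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:  # first field names the checking server
            method, _, rest = part.strip().partition("=")
            if rest:
                results[method.lower()] = rest.split()[0].lower()
    return results

def spoof_indicators(raw):
    """Return reasons to distrust the displayed From address."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    findings = []
    if domain_of(msg["Return-Path"]) != domain_of(msg["From"]):
        findings.append("envelope-sender-differs-from-From")
    if auth.get("dmarc") != "pass":
        findings.append("dmarc-" + auth.get("dmarc", "missing"))
    return findings

print(spoof_indicators(SPOOFED), spoof_indicators(GENUINE))
```

These are indicators, not proof: legitimate mailing lists and bulk-mail services often use a different envelope sender, and `Authentication-Results` is only meaningful when it was added by your own receiving server.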

 
