Cybersecurity

Beware Email Spoofing that Endangers You and Network Domains

  • Reading time: 2 min
network domains, network, domains, email spoofing, researchers,

Computer scientists identified alarming security vulnerabilities in email forwarding that could lead to widespread email impersonation of network domains.

  • Scammers bypass email provider safeguards and send deceptive emails on behalf of reputable organizations.
  • Proposed mitigation measures include disabling open forwarding.

University of California San Diego computer scientists uncovered security vulnerabilities in the email forwarding process, potentially enabling widespread email impersonation of network domains, including high-profile domains like Mastercard, The Washington Post, and the Department of State.

According to the paper, this technique, known as “forwarding-based spoofing,” allows scammers to send emails that appear to be from reputable organizations, effectively bypassing the safeguards employed by email providers like Gmail and Outlook. Once recipients open these spoofed emails, they become susceptible to malware-infected attachments or spyware-installing links.

While the original email protocol assumed that each organization operated its email infrastructure with unique IP addresses, many organizations outsource their email systems to third-party providers like Gmail and Outlook. As a result, thousands of network domains grant these providers the authority to send emails on their behalf. Email forwarding can exploit this vulnerability, as third-party providers validate users sending emails on behalf of domains they operate, but this protection can be circumvented.

Take the email domain “state.gov” as an example. It is affiliated with the Department of State and permits Outlook to send emails on its behalf. So, any email appearing to originate from state.gov is considered legitimate if sent from Outlook’s email servers. By creating a spoofed email, the attacker pretends to be from the Department of State, and then forwards it through their personal Outlook account. The recipient, seeing it arrive from an Outlook email server, would unquestionably deem it authentic.

These vulnerabilities also extend to other widely-used email providers such as iCloud and Gmail. Despite the diligent reporting of these security issues to major tech giants like Microsoft, Apple, and Google, no significant actions have been taken.

There are four distinct attack scenarios. In three of these scenarios, the attacker must have control over both the sending and forwarding accounts, possess a server capable of dispatching spoofed emails, and maintain an account with a third-party provider that permits open forwarding. These attacks expose over 12% of the top 100,000 websites in terms of traffic, affecting major news outlets, financial institutions, and government entities.

In the fourth one, the attacker leverages a personal Outlook account to forward spoofed emails to Gmail, potentially impacting around 1.9 billion users globally. Similar attacks are applicable to four popular mailing list services: Google Groups, Mailman, Listserv, and Gaggle.

To mitigate these vulnerabilities, the researchers propose disabling open forwarding, discarding the assumption that emails from major providers are inherently trustworthy, and implementing sender confirmation for mailing lists. However, they acknowledge that achieving fundamental changes in email security protocols would necessitate extensive collaboration and confront operational challenges head-on.

Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.

Tags: