Decades-Old Email Flaws Could Let Attackers Mask Their Identities
Have you ever received emails requesting money or information that appeared to be from someone who knew you or claims it’s an affiliate of a real business in which you already conduct business? These are just a few scenarios involving the 90% of malware that arrived via email for the year 2018 to 2019. It’s challenging to advocate cybersecurity and call into question every correspondent’s address.
Analyzing Your Emails Is No Guarantee
Being vigilant is a just a stopgap measure and in no way solves the issue for the long-haul. One example of how scammers throw off potential targets might look like tech@c0mpanyname.com instead of the actual tech@companyname.com address. Researchers have discovered several vulnerabilities in protocols used to authenticate these addresses, which they refer to as “darn subtle” flaws.
Authentication Protocol
An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities.
These are the three significant cybersecurity authentication protocols and their definitions:
- Sender Policy Framework (SPF)- authentication method, which deters spammers from sending emails on behalf of someone’s domain.
- Domain Keys Identified Mail (DKIM)- authentication technique which allows the person receiving the emails to confirm they were sent and authorized by the proprietor of the domain by giving emails a digital signature.
- Domain-Based Message Authentication, Reporting, and Conformance (DMARC)- authentication process where SPF, DKIM, or both must authenticate incoming correspondence. That domain must match the domain in the message’s “From” header address.
Invasion Exploits
Even though emails only require a “To” and “From” addresses, there is much more identifying information there than visible, including date and time stamp, language, routing information, and Message-ID. Researchers found 18 separate “invasion exploits” attackers use to make phishing harder to detect by the receiver.
The 18 invasion exploits or attacks fall into these three categories:
- Intraserver attacks, which take advantage of irregularities in how a service retrieves data from headers to identify and authenticate a sender.
- Like Intraserver attacks that take advantage of similar anomalies but between the receiving mail server and the application that displays it.
- Researchers call this Ambiguous Play, which includes varied methods of hijacking and replaying a legitimate email an attacker has received.
Even when cybersecurity protocols are in place, as you can see, it’s still important to avoid clicking random links within the message body and scrutinize the email address of the sender to stave off phishing and scams.