Example - SMTP message spoofing

I got reactions from readers to my Spear Phishing post saying that creating a perfectly spoofed e-mail impersonating the manager is impossible. Although I agree with this opinion, I must stress that an attacker can create a near-perfect spoofed message.

Here is how:
All he needs is an open relay mail server - a mail server that will accept and relay e-mail messages regardless of sender and recipient parameters.
Then, he needs to telnet to port 25 of this server (the SMTP port) and send the following set of commands:

helo server
mail from: sender@frauddomain.com
rcpt to: recipient@targetdomain.com
data
This is a customised fraud message
.

After each command, the server will reply with the appropriate acceptance code. The . on the last row is not an error; it is the message end delimiter.

The only thing the attacker cannot spoof with this method is the IP address of the SMTP server that relayed the message. Although this information is contained in the message header, very few people are trained to read it, and it is quite difficult to train non-technical personnel to read the header.
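As an added example, not code from the original post, the following Python script parses the Received: chain of a stored message and surfaces the relay host and IP that the post says cannot be hidden, so this check need not depend on staff reading raw headers; the sample message, host names and IP addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture), as stored by the recipient's server.
# Each hop prepends a Received: line, so the top one is mx.targetdomain.com's own.
SAMPLE_MESSAGE = """\
Received: from openrelay.example.net (openrelay.example.net [198.51.100.25])
\tby mx.targetdomain.com with ESMTP id k7x2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from server (unknown [203.0.113.7])
\tby openrelay.example.net with SMTP id q2n9; Mon, 1 Jan 2024 10:00:00 +0000
From: Manager <sender@frauddomain.com>

This is a customised fraud message
"""

# Matches "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\(\s*(?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[^\]]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)")

def relay_chain(raw_message):
    """Hops recorded in Received: headers, earliest hop first."""
    hops = []
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        if m := RECEIVED_RE.search(value):
            hops.append({"helo": m["helo"], "rdns": m["rdns"] or "",
                         "ip": m["ip"] or "", "by": m["by"]})
    return hops

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Triage signals for a human reviewer; a hit is a prompt, not a verdict."""
    hops = relay_chain(raw_message)
    if not hops:
        return ["no parsable Received: headers"]
    from_domain = domain_of(message_from_string(raw_message).get("From", ""))
    findings = []
    # Only the hop our own server logged is beyond the sender's control (earlier lines can be forged).
    trusted, first = hops[-1], hops[0]
    if from_domain and not trusted["rdns"].endswith(from_domain):
        findings.append(f"From domain {from_domain} arrived via "
                        f"{trusted['rdns'] or trusted['helo']} [{trusted['ip']}]")
    if "." not in first["helo"] or first["rdns"] in ("", "unknown"):
        findings.append(f"first hop gave bare HELO '{first['helo']}' "
                        f"with no reverse DNS from [{first['ip']}]")
    return findings
```

Legitimate mail sent through a third-party provider trips the same domain check, so treat a hit as a reason to look at the headers, not as a verdict.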

Here is a video clip demonstrating the spoofing process.

Related posts
Tutorial - Measures for minimizing Spear Phishing Attacks

Talkback and comments are most welcome
