Let’s Hack the Hack before it Hacks!

Regardless of whether it’s ransomware, the supply chain, or another detestable technique, cyber actors how to recognize the organization’s shaky areas, which, inevitably, reside with a company’s employees or its software. With that in mind, we want to share four strategies we’ve learned over the years and continue to recommend to our clients. By committing […]

“Mail from” and “From” header

In simple terms MAIL FROM – Mr.Blue used XYZ post office to send a mail envelope to Mr.Red, and if Mr.Red’s post office cant locate Mr. Red then the envelope can be sent back to XYZ Post office to be returned to Mr.BlueFROM – This message is FROM Mr.Blue to Mr. Red (Receiver). Now the technical […]

What is Phishing ?

Definition The term phishing is a general term for the creation and use by criminals of e-mails and websites – designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies – in an attempt to gather personal, financial and sensitive information. Why ? These criminals deceive Internet users into disclosing their bank […]

Forging the sender address

One of the ways an attacker tries to penetrate an organisation is by emails. An attacker in a remote part of the planet can send a malicious email and start attacking an organisation. For obvious reasons an attacker would not want to be identified, therefore the attacker forges the sender address to cover his/her tracks. […]

Types of E-Mail Abuse where the Sender Address is Forged

Spammers  – As they want to avoid receiving non-delivery notifications (bounces) to their real addresses. Fraudsters  – As they want to cover their tracks and remain anonymous. Computer worms – Worms want to cause confusion or just don’t care about which sender addresses they use. Phishers (password fishers) want to impersonate well-known, trusted identities in order […]

DKIM KEYS Consideration

Messages with DKIM signatures use a key to sign messages. Messages signed with short keys can be easily spoofed (see http://www.kb.cert.org/vuls/id/268267), so a message signed with a short key is no longer an indication that the message is properly authenticated. To best protect  users, Gmail will begin treating emails signed with less than 1024-bit keys […]

DKIM Simplified

DomainKeys Identified Mail (DKIM), is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message’s signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. […]

Scroll to top