Forging the sender address

One of the ways an attacker tries to penetrate an organisation is by emails. An attacker in a remote part of the planet can send a malicious email and start attacking an organisation. For obvious reasons an attacker would not want to be identified, therefore the attacker forges the sender address to cover his/her tracks. […]

Types of E-Mail Abuse where the Sender Address is Forged

Spammers  – As they want to avoid receiving non-delivery notifications (bounces) to their real addresses. Fraudsters  – As they want to cover their tracks and remain anonymous. Computer worms – Worms want to cause confusion or just don’t care about which sender addresses they use. Phishers (password fishers) want to impersonate well-known, trusted identities in order […]

DKIM KEYS Consideration

Messages with DKIM signatures use a key to sign messages. Messages signed with short keys can be easily spoofed (see http://www.kb.cert.org/vuls/id/268267), so a message signed with a short key is no longer an indication that the message is properly authenticated. To best protect  users, Gmail will begin treating emails signed with less than 1024-bit keys […]

DKIM Simplified

DomainKeys Identified Mail (DKIM), is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message’s signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. […]

The Phishing surge amidst Covid 19

Did you mask your network as well during COVID-19? COVID-19 continues to significantly embolden cybercriminals’ phishing and fraud efforts, and there is a long way to stop it. Almost nine out of 10 believed they might have security gaps as the result of the rapid move to remote working. During the pandemic the cyber-attacks soar […]

What is SPF ?

Sender Policy Framework (SPF) is an email validation system designed to detect and block forged or spoofed emails. This is done by verifying the sender’s email server before delivering all legitimate email to a recipient’s inbox. but How ?This is achieved when the network owner creates an SPF entry in the Domain Name System (DNS) record for […]

Do you know how they hacked your account? Part five: Keylogging

Keylogging  (also called keystroke logging) is a method that cyber criminals use to record (or log) the keys you strike on your keyboard in order to get confidential information about you. Of course they do this in a concealed manner, so that you won’t know you are being monitored while typing passwords, addresses and other […]

How can I tell if DMARC is making a difference?

A day or two after a domain owner publishes the simplest monitoring-mode DMARC record in DNS, they will begin to receive reports from DMARC receivers with statistics about email sent to them using the domain owner’s domain. In other words, if you own or operate example.com and publish a DMARC record requesting reports, you will […]

Fixes for Spoofing

Even the most optimistic experts accept that the problem will persist, though much progress is being made on technical solutions. No amount of training, it seems, will stop computer-users clicking on malicious links or opening booby-trapped attachments in fake emails, so a technical solution is needed to defeat phishing — a tactic that still provides the baseline method of network […]

Do you know how they hacked your account? Part four: Viruses

In this part we will highlight some of the well-known types of computer viruses Trojan A Trojan horse (commonly known as a Trojan) is a type of malware that conceals itself as a normal file or program to trick you into downloading and installing malware.A Trojan can do many dangerous things to your system, like […]

Scroll to top