Even if you’re a savvy PkHackingTricks user, you are still at risk of getting hit by a fake email sender. There is always some article in the news about a celebrity, or a random employee of a mega corporation, getting scammed by one of these cyber criminals. Even cyber security professionals who work for the government still get fooled into giving up valuable information through a phishing scam delivered by an email spoofing attack.
I will try to cover some good, up-to-date news stories that reflect how bad email spoofing can be for the victims being attacked.
The same old story goes as follows: an email is sent to one of these innocent people’s email addresses, and they look at the message and think that it comes from someone, or some organization, that they know well. They then open the email and either open an attached file which has malware on it, or they are led to a bogus website that looks legit. Somehow, some way, they always freely give up their valuable information. The information they divulge is usually their bank account number, their credit card number, a password to one of their important accounts, or some other important piece of personal information.
If I had a nickel for every time someone got fooled by a fake email sender, I would be rich! I would be even richer if I could count the number of news articles that have been written on this subject year after year!
County Treasurer Pays Fifty Grand From A Fake Email
Email spoofing from a fake email sender is no joke! Just recently, in June 2016, a County Treasurer cost the state of Missouri $50,000. Wow, that’s a lot of money to be wasted, especially for local taxpayers, because that large sum of money is indirectly coming out of their pockets.
What happened was this: the treasurer of the county, Rob Willard, got a convincing email that looked very legit. The email stated with urgency that a bill needed to be paid immediately. It looked like it was from Rob Schieber, who is the Presiding Commissioner. The email address was identical to Rob Schieber’s email address, which gave it the credibility it needed in order to trick Rob Willard into paying what seemed to be a time-sensitive payment.
In all fairness to Rob Willard, the average person receiving such a well-crafted email probably wouldn’t think twice if they received a clone email from someone they knew well. It was even written in the same style as Rob Schieber’s. This email spoofing attack looked like it was very well planned out, and because of the time and effort that went into this attack, it cost the state of Missouri’s county a large sum of money. These attackers just received a nice hefty little paycheck for their efforts. Fifty grand is a year’s worth of pay for the average American, so you can imagine why this cyber attack was worth it for the criminals that conducted it. Not that I am endorsing it by any means.
If you wish to read the full story I am linking it here.
Milwaukee Bucks Teammates Are Under Cyber Attacks Through a Fake Email Sender!
Another news article has recently popped up stating that Milwaukee Bucks members are undergoing spoofed email attacks from a fake email sender. An employee of the Bucks has received emails from Peter Feigin, who is the president of the well-known basketball team. Peter Feigin is asking for each team member’s W-2 form information. The information asked for includes Social Security numbers, financial information, the names of all the Bucks members, and also the addresses of each teammate playing for the famous basketball team.
The employee, like any other, handed all this information over without questioning the email he/she received from Peter Feigin. The only problem with this scenario is that the email from Peter Feigin’s email address was in fact not from Peter Feigin at all. The email that the Milwaukee Bucks employee received was a cloned email of Peter Feigin. It was well crafted and looked legit. Much like how the treasurer from Missouri was scammed, the email was written in a style similar to how Peter Feigin writes.
Because of this spoofed email attack from a fake email sender, all of the Milwaukee Bucks team members’ information is in serious jeopardy now. Think of what a cyber criminal can do with all that sensitive information they received. Probably a lot of damage to these basketball players’ lives!
If you wish to read the official article on this email spoofing report, which is fairly short, I am linking to it here.
Tax Scams Coming Directly From The IRS?
You read that correctly: there has been a major tax scam coming directly from the IRS this past tax season in April 2016. Well, not exactly from the IRS, but from someone claiming to be the IRS. Although I have been focusing on email spoofing attempts, which are email clones from someone you may know, this IRS scam is actually the same concept but with phone numbers.
Cyber attackers have been targeting innocent and naive college students in what appears to be a huge and major IRS scam. These cyber criminals are using caller ID spoofing, which makes the call appear to come from a legitimate phone number of a government agency located in Washington, D.C. These phone calls to these college students sound like they are from very credible IRS agents. The fake IRS agents already have some information on the college students that are being called, which makes the scam sound more convincing.
These unsuspecting students who are wrongfully scammed are being told that they owe federal student tax money to the IRS. The students are tricked into making a payment using a MoneyGram wire transfer to these fake IRS agents’ bank account. Some of these students actually go through and make the payment out of fear of getting in trouble with the law. Many of these students are not even aware that a federal student tax does not even exist.
To give these students who are being fooled by these scams the benefit of the doubt, when I was that age in college I wouldn’t have been familiar with a scam like this either.
Again, if this is an article that you are interested in reading more in depth, I am linking to it here.
I am not going to review any more news articles on spoofing. I hope by now you get the point of what email or phone spoofing is, and I hope that you are more aware of how you can get scammed with this very real fraudulent activity.
I would like to switch gears a little bit and talk a little more on the statistics of these cyber attacks, and where they are coming from.
So the question is, who are these criminals that are conducting these cyber attacks? Where do they come from? To be honest, most of these cyber criminals aren’t even launching these spoofing attempts from inside the U.S. The fact that these attacks can come from anywhere in the world makes it all the more scary. Someone halfway across the globe can literally pick you out as an individual and steal your information somehow. Most of these spoofed emails are coming from Africa, Eastern Europe, and even some Asian countries. So the fact remains that most of these cyber attacks are out of the FBI’s jurisdiction to really do anything about when it comes to prosecuting these criminal actions!
Statistically, email spoofing scams are costing American businesses over $2.3 billion a year. More than 50% of internet users in the U.S. receive at least 1 phishing email a day, and over 97% of these people being attacked through spoofed emails cannot even correctly identify these attempts.
Below is a graph that shows you how many attacks are conducted a day on most individuals. Hopefully this will give you a clearer visual representation of this widespread problem: