Anyone Getting "Realistic" Fake Emails?

  • Thread starter Thread starter kyphysics
  • Start date Start date
Click For Summary
SUMMARY

The discussion centers on the increasing prevalence of "deep fake" phishing emails that appear legitimate but are designed to deceive recipients. Participants share experiences of receiving suspicious emails from known companies, often containing misleading titles or sender names. Key strategies for identifying these scams include checking email headers, verifying sender addresses, and avoiding clickable links. The conversation highlights the importance of vigilance and adopting best practices to protect personal information online.

PREREQUISITES
  • Understanding of phishing and spear phishing techniques
  • Familiarity with email header analysis
  • Knowledge of email security best practices
  • Experience with email clients and their settings
NEXT STEPS
  • Research "email header analysis" to identify the true source of emails
  • Learn about "spear phishing" tactics and how to recognize them
  • Explore email security settings in clients like Outlook and Thunderbird
  • Investigate best practices for reporting phishing attempts to organizations
USEFUL FOR

This discussion is beneficial for cybersecurity professionals, IT administrators, and anyone concerned about email security and phishing threats.

  • #61
Some suspicious links will display one site but link to a completely different site.

in some cases, you can hover over the link to see the actual URL.

Here’s a suspicious link for yahoo.net that goes to a competitor.

Yahoo.net
 
  • Wow
Likes   Reactions: kyphysics
Computer science news on Phys.org
  • #62
jedishrfu said:
Some suspicious links will display one site but link to a completely different site.

in some cases, you can hover over the link to see the actual URL.

Here’s a suspicious link for yahoo.net that goes to a competitor.

Yahoo.net
That's absolutely nuts!

How did you do that?

Also, to be clear, that is an URL. So, that sucks you can fake that, but could a person fake a "sending email" in the same way? If so, they're wouldn't that mean everyone is susceptible to this?
 
  • #63
kyphysics said:
Also, to be clear, that is an URL. So, that sucks you can fake that, but could a person fake a "sending email" in the same way? If so, they're wouldn't that mean everyone is susceptible to this?

Yes it sucks, but it has been that way since the dawn of the Internet.

Being safe on the Internet, means following safe practices, not examining the appearance of URLs emails or other addresses. You must assume that anything can be faked.

Here are two links to sources explaining some safe practices.

https://arstechnica.com/information-technology/2021/10/securing-your-digital-life-part-2/

https://www.odni.gov/files/NCSC/documents/campaign/DoD_IAPM_Guide_March_2021.pdf
 
  • #64
pbuk said:
Well Yahoo do own the 2nd level domain yahoo.net, although the sports.comms.yahoo.net domain as well as comms.yahoo.net is controlled by a marketing company Lion Re:sources, part of the Publicis Groupe. However because of the point below you cannot rely on the email actually coming from them.

Yes. Depending on your email client and spam settings and any anti-malware plugins you are using such a faked address may or may not be marked as spam.
Thanks for the response, pbuk.

So, here's sort of the same question I asked in the post above. IF an evil sender wanted to fake the sending email address (to be one that I would recognize and think was from a trusted source), then how could any human being every trust anyone sending anything to them by email?

If someone figured out my mom, sister, or brother's emails, for example, and then sent me a realistic looking titled email from them (faking their email address, I mean), then it'd be hard for me to not click on it (short of literally calling them by phone to ask if they sent it...but that seems cumbersome to do every time), right?
The "hover over" method used for fake links in jedishrfu seems like it wouldn't work for faked sending emails, no? If I hover over the sender in my email inbox, I can see the email address an email is coming from. But, if it's faked, is it the case that there is no way to tell? Or, is it that once I open the actual email, then perhaps I can hover (within the email) over the sender's address and it would show a different/fake address then?
 
  • #65
kyphysics said:
how could any human being every trust anyone sending anything to them by email?
Through context. If you know that it's your friend's birthday next week then shouldn't come as a surprise if they send you an invitation to a party with a link to click on. If you get an email apparently from your elderly aunt saying "Wassup matey, check out theese kewl new trainers" then you can bet it is fake.

kyphysics said:
If someone figured out my mom, sister, or brother's emails, for example, and then sent me a realistic looking titled email from them (faking their email address, I mean), then it'd be hard for me to not click on it (short of literally calling them by phone to ask if they sent it...but that seems cumbersome to do every time), right?
Use your common sense: in most cases (but importantly, not all cases) fakes are easy to spot from the context.

kyphysics said:
Or, is it that once I open the actual email, then perhaps I can hover (within the email) over the sender's address and it would show a different/fake address then?
No, you have to inspect the headers of the email and then look up the servers in the chain. If you have a decent email provider they should do this for you and treat the email as spam (which may mean adding a prefix to the title, delivering it to a spam mailbox or just deleting it). If you have an anti-malware plugin in your email client this may provide extra protection.
 
  • Like
Likes   Reactions: kyphysics
  • #66
I’ve seen some stuff where even the hover over a link failed to show the true url link as it as overwritten on the status bar by JavaScript on the webpage or email.
 
  • Like
Likes   Reactions: kyphysics
  • #67
kyphysics said:
Here is another email I accidentally clicked on today (I wanted to select the box to try to delete it, but my mouse accidentally clicked on it to open):
yahoo@sports.comms.yahoo.net

Two questions:
1.) Would I be correct to assume it is legitimate, because of the "yahoo.net" ending? For reference, I play fantasy sports, so this was an email advertising some fantasy sports stuff on Yahoo. But even without that background, is the logic that if it's a "yahoo.net" ending, then it's ALWAYS legitimate (no matter what comes before that part of the address)?

2.) My second question is whether someone can send you an email with a "fake legitimate email" as the sender's email? Let's say abcxyz@yahoo.net is legitimate email address from Yahoo! But, suppose a scammer wants to send me some type of malware through email. Can that evil person use abcxyz@yahoo.net as his sending email address (even if he's not really sending it from that address)? Can some, in other words, fake the sending email address (of a legitimate one)?

The explanation I gave is for web links themselves. An e-mail can be made to appear to come from any address very easily. Also there are normally two parts to links, the part which is displayed and the actual URL you will be redirected to. If you hover your mouse over the web link it should tell you where the link is really pointing to, if it's pointing somewhere different to the one shown then don't click on it as it is likely spam again.
 
  • Like
Likes   Reactions: kyphysics
  • #68
MikeeMiracle said:
If you hover your mouse over the web link it should tell you where the link is really pointing to
Caution: this is only true in your email client* (or other environment where JavaScript is disabled). In a web page displayed in a normal browser, JavaScript can make the link do anything.

To see this in action create the following file on your desktop and open it (you have to include the code in the image below as well):
[CODE lang="html" title="fooled-you.html"]<a href="https://microsoft.com">https://apple.com/</a>
[/CODE]
1636371991529.png

The link says Apple, shows Microsoft when you hover over it and takes you to Ubuntu when you click on it!

Note that this behaviour is typical of malicious web sites so never post this code or anything like it on the internet where it could be displayed by a browser (e.g. CodePen or a GitHub gist) or you risk your account being suspended.

* email clients include reputable web apps such as Gmail, Outlook.com etc.
 
Last edited:
  • Like
  • Informative
Likes   Reactions: kyphysics and MikeeMiracle

Similar threads

Possible to Get Malware by Just Opening an Email?
  • · Replies 32 ·
2
Replies
32
Views
6K
How to get Hackathon sponsors?
  • · Replies 21 ·
Replies
21
Views
1K
Asked to Verify email when Unsubscribing from unsolicited e-mails
  • · Replies 12 ·
Replies
12
Views
4K
How do spammers get our names and our email IDs of "me and my friend"?
  • · Replies 21 ·
Replies
21
Views
5K
Cybersecurity: Links to Malware sites in QR
  • · Replies 1 ·
Replies
1
Views
1K
I Just Forgot my Email Password that I Created/Changed Today
  • · Replies 37 ·
2
Replies
37
Views
4K
Why iPad opens Gmail into emails?
  • · Replies 9 ·
Replies
9
Views
2K
Anyone know how to filter out conversations in gmail?
  • · Replies 6 ·
Replies
6
Views
2K
Alternative Email Services to Gmail
  • · Replies 5 ·
Replies
5
Views
2K
Why do emails from my contact form bounce?
  • · Replies 10 ·
Replies
10
Views
3K