There are various methods for spoofing emails
Posted: Sat Feb 01, 2025 8:54 am
For example, when Hana (hana@△△.jp) sends an email to Taro (taro@〇〇.jp), the email system creates an envelope outside the email written by Hana.
This envelope contains the information necessary for the actual sending of the email, and uses that information to deliver the email to its destination.
Then, when the email reaches Taro's server and is stored in Taro's mail folder, the envelope is discarded.
<Mini Knowledge>
There are two FROM addresses in an email: Envelope-From and Header-From.
*The first From is the sender written on the envelope, so it's called Envelope-From, and the second From is the sender written in the header of the letter inside the envelope, so it's called Header-From.
Just as a letter is delivered according to the address written on the envelope, email is delivered according to the address written on the envelope.
The contents of the email body stored in the envelope are not viewed during delivery, nor are they checked by the recipient.
Therefore, even if the "recipient or sender written loan officer email list in the email body" and the "recipient or sender written in the envelope" are not the same, the email will be delivered.
(*If you use a delivery system, the Envelope-From and Header-From may be different.
They are abusing this system by writing accurate information on the envelope and malicious content in the body of the message.
Spoofing email methods
■Phishing scams
These are scams that involve impersonating not only individuals or acquaintances, but also companies to extract personal information.
They send emails with plausible messages such as "account update" or "out-of-pocket payments" and direct victims to fake websites that look just like the real thing,
where they trick victims into entering login information, account numbers, credit card information, and other personal information to be stolen.
Recently, the damage caused by these attacks has been increasing because it has become difficult to distinguish between malicious sites at a glance, as only one character in the destination URL may differ.
This envelope contains the information necessary for the actual sending of the email, and uses that information to deliver the email to its destination.
Then, when the email reaches Taro's server and is stored in Taro's mail folder, the envelope is discarded.
<Mini Knowledge>
There are two FROM addresses in an email: Envelope-From and Header-From.
*The first From is the sender written on the envelope, so it's called Envelope-From, and the second From is the sender written in the header of the letter inside the envelope, so it's called Header-From.
Just as a letter is delivered according to the address written on the envelope, email is delivered according to the address written on the envelope.
The contents of the email body stored in the envelope are not viewed during delivery, nor are they checked by the recipient.
Therefore, even if the "recipient or sender written loan officer email list in the email body" and the "recipient or sender written in the envelope" are not the same, the email will be delivered.
(*If you use a delivery system, the Envelope-From and Header-From may be different.
They are abusing this system by writing accurate information on the envelope and malicious content in the body of the message.
Spoofing email methods
■Phishing scams
These are scams that involve impersonating not only individuals or acquaintances, but also companies to extract personal information.
They send emails with plausible messages such as "account update" or "out-of-pocket payments" and direct victims to fake websites that look just like the real thing,
where they trick victims into entering login information, account numbers, credit card information, and other personal information to be stolen.
Recently, the damage caused by these attacks has been increasing because it has become difficult to distinguish between malicious sites at a glance, as only one character in the destination URL may differ.