Phishing and Email Spoofing: what they are, the differences and how to spot them

Unfortunately, users, companies and organisations have to deal with phishing emails and email spoofing far more often than we would like. Cybercriminals are constantly updating and improving their deception tactics, increasing the number of users who fall into their nets every day. On top of this, Spain is the country that receives the most phishing emails, which is a truly worrying development.
In this post we will focus our efforts on defining phishing and email spoofing tactics, what the differences are between them and how to detect them.
What is Phishing?
Phishing is a technique used by cybercriminals to deceive users into handing over personal information (passwords, credit card details, bank account numbers, etc.) by impersonating companies or organisations the victim trusts, whether by email, telephone or other means.
What is Email Spoofing?
Email spoofing is a technique that consists of creating and sending emails with a forged sender address; in other words, impersonating the person, company or organisation that appears to send the message. The "From" field is false: it may be an exact copy of a trusted address, or one that is similar or almost identical to that of the impersonated sender the recipient trusts.
It is a technique very often used by phishers to mislead the user about the real origin of the message, and by spammers to bypass spam filters.
What is the difference between Phishing and Spoofing Email?
It is sometimes hard to tell the two techniques apart, as they are often used together. Phishing is a deception carried out with the intention of obtaining and stealing the user's private information, so the focus is on what the fraudster is trying to achieve (purpose: theft). Spoofing, on the other hand, focuses on the act of impersonating a person, company, entity or organisation (action: impersonation). Unlike phishing, a spoofing attack can cause damage without necessarily stealing any information.
The two techniques can be used separately or, as mentioned above, simultaneously.
How can we detect them?
While it is true that cybercriminals are constantly looking for and updating strategies to make their hoaxes more credible, there are a number of elements that can help us identify when we are receiving a phishing email or a spoofed email.
In phishing, the email usually closely resembles one we would receive from a well-known and trusted company, organisation or entity. It uses their logo and a very similar design so that the user has no doubts about its origin and true sender. Even so, it is a hoax. How can we identify it? The message almost always revolves around a false story in which we end up being asked to click on a link or open/download a document. The messages could be along the following lines:
- They have detected that someone other than you has logged into an account and ask you to check your details or change your password by clicking on a link.
- There is a problem with your account and they ask you to review, modify or directly hand over your personal or bank details.
- They inform you that the company, entity or organisation is going to reimburse you and needs your personal or bank details.
- They encourage you to support a charitable cause and to provide your details or bank information to make a donation.
- They inform you that you have won a prize or a draw and that you have to click where they tell you.
- They send you a fake ticket or invoice in order to get you to open or download the document.
In the case of email spoofing, we will have to look at the From address to detect any small change from the original address. Often the change is minimal and goes unnoticed, but it is also true that many users never look at this field at all. Here are some of the elements that can be changed:
- Use of the trusted name as a subdomain: an email pretending to come from @amazon.es is actually sent from @amazon.payment11.com, where the registered domain is payment11.com and "amazon" is only a subdomain the attacker controls.
- Use of homographically similar addresses (homoglyphs): instead of @amazon.es, an address that looks identical on screen but has one or more letters replaced by visually identical characters from another Unicode script (for example, a Cyrillic "а" in place of the Latin "a"), which is not part of the Latin alphabet but is valid in an internationalised domain name.
- Addresses with typosquatting errors that go unnoticed: an email that should come from @amazon.co.uk is sent from @amaz0n.co.uk (a digit zero in place of the letter "o").
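As an added example that is not part of the original article, the following Python script automates the three checks described above on the From header of a message: the trusted name appearing only as a subdomain, homoglyph substitution, and typosquatting. The sample headers, the set of trusted domains and the small confusable-character table are all constructed for the example; a production version would use the full Public Suffix List and the Unicode confusables data rather than the short tables embedded here.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample From headers (not from the original article): one genuine
# address and one for each lookalike trick described in the post.
SAMPLE_FROM_HEADERS = [
    "Amazon.es <no-reply@amazon.es>",                  # genuine
    "Amazon Payments <billing@amazon.payment11.com>",  # trusted name used as a subdomain
    "Amazon.es <no-reply@am\u0430zon.es>",             # Cyrillic 'а' (U+0430) homoglyph
    "Amazon UK <orders@amaz0n.co.uk>",                 # typosquat: digit zero for 'o'
]

# Domains the recipient actually trusts (assumption for this example).
TRUSTED_DOMAINS = {"amazon.es", "amazon.co.uk"}

# Simplified public-suffix handling: only these multi-label suffixes are known.
# Real code should consult the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk"}

# Visually confusable characters mapped to the Latin letter they imitate
# (a much reduced version of the Unicode confusables table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
    "0": "o", "1": "l", "3": "e", "5": "s",
}


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain part of the address in a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def registered_domain(domain: str) -> str:
    """Strip subdomains: 'amazon.payment11.com' -> 'payment11.com',
    'mail.amazon.co.uk' -> 'amazon.co.uk'."""
    labels = domain.split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def skeleton(domain: str) -> str:
    """Normalise a domain so homoglyphs and digit/letter swaps collapse onto
    the Latin letters they imitate."""
    text = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Label a From header as 'trusted', 'subdomain', 'homoglyph', 'typosquat'
    or 'unrelated', together with a short reason."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated", "no address found"
    reg = registered_domain(domain)
    if reg in trusted:
        return "trusted", f"{domain} belongs to trusted domain {reg}"

    # Trick 1: the brand name appears only in the subdomain part.
    sub = domain[: -len(reg)].rstrip(".")
    sub_labels = sub.split(".") if sub else []
    for t in sorted(trusted):
        brand = t.split(".")[0]
        if brand in sub_labels:
            return "subdomain", f"'{brand}' is only a subdomain; registered domain is {reg}"

    # Tricks 2 and 3: the registered domain imitates a trusted one.
    for t in sorted(trusted):
        if skeleton(reg) == t:
            if any(ord(ch) > 127 for ch in reg):
                return "homoglyph", f"{reg} looks like {t} but contains non-Latin characters"
            return "typosquat", f"{reg} imitates {t} with digit/letter substitution"
        if edit_distance(reg, t) <= 2:
            return "typosquat", f"{reg} is within edit distance 2 of {t}"
    return "unrelated", f"{reg} does not resemble any trusted domain"


if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        verdict, reason = classify_sender(header)
        print(f"{verdict:10} {header!r}: {reason}")
```

These heuristics only inspect the visible From header, which is exactly the field the article asks the reader to examine. A header that copies a legitimate address exactly will pass them, so on a mail server the same logic should be combined with the message's authentication results (SPF, DKIM and DMARC) rather than used on its own.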
But how can we protect ourselves as a user, company, organisation or entity? We will soon see what steps we can take to raise our level of security against these threats.
