DeepAI AI Chat
Log In Sign Up

Revisiting Email Spoofing Attacks

by   Hang Hu, et al.

The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to impersonate a trusted entity to conduct highly deceptive phishing attacks. In this work, we study email spoofing to answer three key questions: (1) How do email providers detect and handle forged emails? (2) Under what conditions can forged emails penetrate the defense to reach user inbox? (3) Once the forged email gets in, how email providers warn users? Is the warning truly effective? We answer these questions through end-to-end measurements on 35 popular email providers (used by billions of users), and extensive user studies (N = 913) that consist of both simulated and real-world phishing experiments. We have four key findings. First, most popular email providers have the necessary protocols to detect spoofing, but still allow forged emails to get into user inbox (e.g., Yahoo Mail, iCloud, Gmail). Second, once a forged email gets in, most email providers have no warnings for users, particularly on mobile email apps. Some providers (e.g., Gmail Inbox) even have misleading UIs that make the forged email look authentic. Third, a few email providers (9/35) have implemented visual security cues for unverified emails, which demonstrate a positive impact to reduce risky user actions. Comparing simulated experiments with realistic phishing tests, we observe that the impact of security cue is less significant when users are caught off guard in the real-world setting.


page 1

page 2

page 3

page 4


Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy

The critical role played by email has led to a range of extension protoc...

Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

As a fundamental communicative service, email is playing an important ro...

"All of them claim to be the best": Multi-perspective study of VPN users and VPN providers

As more users adopt VPNs for a variety of reasons, it is important to de...

Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069

TR-069 is a standard for the remote management of end-user devices by se...

Research of Caller ID Spoofing Launch, Detection, and Defense

Caller ID parodying produces the valid Caller character, in this manner ...

IriTrack: Liveness Detection Using Irises Tracking for Preventing Face Spoofing Attacks

Face liveness detection has become a widely used technique with a growin...

Development of a Fuzzy Expert System based Liveliness Detection Scheme for Biometric Authentication

Liveliness detection acts as a safe guard against spoofing attacks. Most...