Technical Segment: Email Spoofing and Phishing
Highlight: If a company is using Google Apps for Work and has not set up SPF/DKIM/DMARC, their domain can be leveraged to spoof emails, very reliably.
- Surprise surprise, people click links! Do you even need to be crafty? No, probably not, but let's discuss some ways anyhow.
- You can spoof emails - it can happen: great write-up from Cobalt Strike
- If you are new to email spoofing you should really read this article
- Telnet to the mail server and attempt to manually craft the email. This works in default configurations on many email servers and security appliances: SPF/DKIM/DMARC may not be set up, allowing you to send email from the domain unauthenticated. The Cobalt Strike blog demonstrates this.
- This can also be done in Gmail! It shows up as spoofed in normal Gmail, but what about Google Apps for Work? If SPF/DKIM/DMARC are not set up for that domain, you can very easily spoof emails from it, both to the target domain and externally, and they will very frequently bypass security controls. We will release code on how to do that.
- We are normally targeting organizations that leverage Outlook. It only shows the name portion of the From header (not the address) to users, so you can use a Gmail account (which can bypass controls since it's Gmail/legit), send email using Python (or another scripting language), and set the display name to be a quasi-spoof.
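The manual SMTP session from the telnet bullet, scripted, together with the check a tester runs first: reading the target domain's SPF and DMARC TXT records to judge whether an unauthenticated spoof is likely to be accepted. This is an added example written for this page, not code from the original write-up or from Cobalt Strike; the host names, addresses and DNS records in it are constructed, and `send_raw` is a deliberately simplified network helper that the offline check never calls.

```python
"""Added example, not code from the original write-up or from Cobalt Strike.
Scripts the manual SMTP session described above and scores a domain's
SPF/DMARC records for how likely an unauthenticated spoof is to be accepted.
All host names, addresses and DNS records here are constructed examples."""
import re
import socket


def smtp_session_lines(helo_name, mail_from, rcpt_to, from_header, to_header,
                       subject, body):
    """The exact lines you would type into `telnet <mx> 25`, in order.
    MAIL FROM is the envelope sender that SPF is evaluated against; the
    From: header is what the recipient's client displays and what DMARC
    requires to align with a passing SPF or DKIM identity."""
    headers = [
        f"From: {from_header}",
        f"To: {to_header}",
        f"Subject: {subject}",
        "MIME-Version: 1.0",
        "Content-Type: text/plain; charset=us-ascii",
    ]
    return [
        f"EHLO {helo_name}",
        f"MAIL FROM:<{mail_from}>",
        f"RCPT TO:<{rcpt_to}>",
        "DATA",
        *headers,
        "",                      # blank line separates headers from body
        *body.splitlines(),
        ".",                     # a lone dot on its own line ends DATA
        "QUIT",
    ]


def send_raw(host, lines, port=25, timeout=10):
    """Replay the session against a real MX over plaintext SMTP and return
    the server replies. Not exercised offline; simplified reader that assumes
    each reply arrives in a single recv(). Header/body lines inside DATA get
    no reply, only the terminating dot does."""
    replies = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        replies.append(s.recv(4096).decode(errors="replace"))  # banner
        for line in lines:
            s.sendall((line + "\r\n").encode())
            if line in ("DATA", "QUIT", ".") or line.startswith(("EHLO", "MAIL", "RCPT")):
                replies.append(s.recv(4096).decode(errors="replace"))
    return replies


def spf_all_qualifier(record):
    """Qualifier on the final 'all' mechanism of an SPF TXT record:
    '-' fail, '~' softfail, '?' neutral, '+' pass (the default when no
    qualifier is written). None when the record is missing or has no 'all'."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", record, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) or "+"


def dmarc_policy(record):
    """The p= tag of a DMARC TXT record (none/quarantine/reject), or None."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for kv in record.split(";"):
        if "=" in kv:
            k, v = kv.strip().split("=", 1)
            tags[k.strip().lower()] = v.strip().lower()
    return tags.get("p") or None


def spoof_verdict(spf_record, dmarc_record):
    """Rough triage of an unauthenticated spoof of this domain's From: header.
    'enforced'  DMARC p=reject/quarantine: no aligned SPF/DKIM pass, so the
                message is rejected or quarantined whatever the SPF qualifier
    'spf-only'  SPF -all but no DMARC policy: some receivers reject on SPF alone
    'likely'    SPF absent, softfail or neutral and DMARC absent or p=none; the
                '~all' that Google's own SPF guidance uses, with no DMARC
                record, lands here"""
    if dmarc_policy(dmarc_record) in ("reject", "quarantine"):
        return "enforced"
    if spf_all_qualifier(spf_record) == "-":
        return "spf-only"
    return "likely"
```

Pull the two records with `dig +short TXT example.com` and `dig +short TXT _dmarc.example.com` before touching the mail server; a `likely` verdict is the situation the highlight at the top of this segment describes.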
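The display-name quasi-spoof from the Outlook bullet, built with Python's standard email library, alongside the receiver-side check a defender would want for it: a From header whose address is external but whose display name carries a trusted name, an internal domain or an embedded address. This is an added example, not the code the write-up says it will release; the names, addresses and the `example.com` domain are constructed, and `send_via_gmail` is not called offline.

```python
"""Added example, not code from the original write-up. Builds the
display-name 'quasi-spoof' described above (a legitimate Gmail sender with a
From: display name that impersonates someone else) and a receiver-side check
that flags it. Names, addresses and domains are constructed for illustration."""
import smtplib
from email.message import EmailMessage
from email.utils import formataddr, parseaddr


def spoofed_from_header(display_name, real_addr):
    """From: header value. formataddr quotes the display name when it contains
    specials such as '<' or '@', so a whole fake address can sit in the name
    while the real Gmail address stays in the angle brackets."""
    return formataddr((display_name, real_addr))


def build_message(display_name, real_addr, to_addr, subject, body):
    msg = EmailMessage()
    msg["From"] = spoofed_from_header(display_name, real_addr)
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_gmail(msg, username, app_password):
    """Submit through Gmail's authenticated submission port (not run offline).
    The message is genuinely from a Gmail account, so SPF/DKIM pass for gmail.com."""
    with smtplib.SMTP("smtp.gmail.com", 587) as s:
        s.starttls()
        s.login(username, app_password)
        s.send_message(msg)


def outlook_display_name(from_header):
    """What a client that shows only the name portion of From: presents."""
    name, addr = parseaddr(from_header)
    return name or addr


def flag_display_name_mismatch(from_header, internal_domain, trusted_names):
    """Receiver-side check. Returns the reasons to flag this From: header;
    an empty list means the header looks clean."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    internal = internal_domain.lower()
    reasons = []
    if domain == internal:
        return reasons                      # internal sender, nothing to compare
    if "@" in name:
        reasons.append("address-like display name")
    if internal in name.lower():
        reasons.append("internal domain in display name")
    if name.strip().lower() in {n.lower() for n in trusted_names}:
        reasons.append("trusted display name on external address")
    return reasons
```

The check keys on the parsed address, not the raw header text, so it is not fooled by the quoting `formataddr` adds; run it over the From header of inbound mail and route anything with a non-empty reason list to quarantine or a banner.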