App-savvy people beware. A new app is on the market that can launch a spoofing attack on you. 22-year-old Rupesh Bhandari was recently arrested for developing and deploying a Google Play Store App called Email Spoofer that can forge sender signatures on fake emails and steal money. The news has been made public along with the data on several victims across the country. But caution still needs to be advised as the app has not yet been taken down from the Play Store.
1.1 About the App
The app is very obviously titled Email Spoofer. It targets banks, hiring companies, matrimonial sites and other avenues dealing with huge customer data. Once an intruder gains access to these organizations’ email lists, he/she has everything necessary to continue with spoofing.
The app, equipped with the ability to mimic the ‘from’ address of an email, can be used to fool victims by sending ‘authoritative’ emails. The email can then ask for sensitive financial details or issue directives to make money transfers. Since the email has been carefully designed to look authentic and the email seems to originate from a trusted sender, people will likely not think twice before following up with the instructions detailed in the message body.
To use the app, the hacker needs two types of email addresses: the email address of the entity to be spoofed (e.g. the mailbox ID of the email account used by the SBI bank) and that of the victim to be scammed.
1.2 Developments Around the Incident
The Delhi Police Cyber Cell was alerted to the app after receiving repeated complaints from victims claiming that they had been defrauded by banks, matrimonial sites, and job sites.
The companies denied those claims, which made the Cyber Cell inspect the malicious emails and reverse trace them to the Email Spoofer App and in turn, to Bhandari.
Bhandari was duly arrested, and police found a stash of around 1.5 lakh emails on his laptop, thus giving away the worrisome scale of the operation.
1.3 The Takeaway
Protect your mailbox. That is the primary action item towards better security since email has repeatedly been used as the entry point for hacking. Be wary of all attachments and strange requests for details that wouldn’t be demanded through email. Get the services of a security provider that can use encrypted keys to filter out untrusted senders, however much a hacker tries to mimic authenticity.
Our DMARC tool can do this for you very easily. Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It is an email authentication standard that receiving mail servers use to determine how to evaluate emails that claim to be from your (the sender's) domain, and it works on the “mail from” address. We use a combination of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify whether the sender address resolves to the correct entity. You can perform a quick check for the health status of your email domain here.
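The check described above can be sketched as follows. This is an added example, not code from our DMARC tool or from the original article: it compares the domain in the From header the recipient sees with the domains that passed SPF or DKIM, using relaxed alignment as defined in RFC 7489. The message, the domains, the `mx.recipient.example` server name and the helper names are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message template; {mf} and {d} are the domains SPF and DKIM authenticated.
TEMPLATE = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce@{mf};
 dkim=pass header.d={d}
From: "Bank Support" <support@bank.example>
To: customer@recipient.example
Subject: Verify your account

Please confirm your account details.
"""
SPF_PASS = re.compile(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", re.I)
DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", re.I)

def sample(mailfrom_domain, dkim_domain):
    """Build a constructed test message with the given authenticated domains."""
    return TEMPLATE.format(mf=mailfrom_domain, d=dkim_domain)

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(raw, trusted_authserv="mx.recipient.example"):
    """True if a domain that passed SPF or DKIM matches the From header's domain."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    authenticated = set()
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = hdr.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # only trust results stamped by our own receiving server
        for pattern in (SPF_PASS, DKIM_PASS):
            authenticated.update(org_domain(d) for d in pattern.findall(results))
    return bool(from_dom) and from_dom in authenticated

if __name__ == "__main__":
    # From claims bank.example, but SPF and DKIM passed for an unrelated domain.
    print("spoofed:", dmarc_aligned(sample("mailer.bulk-sender.example", "bulk-sender.example")))
    # DKIM passed for a subdomain of the From domain, so the message aligns.
    print("genuine:", dmarc_aligned(sample("bank.example", "mail.bank.example")))
```

A message can pass SPF and DKIM for the sending party's own domain and still carry a forged From address; the alignment comparison is what catches that case.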
“Some mails even show monetary transactions,” a source reported to Times of India regarding the Email Spoofer app. “However, we are yet to ascertain the money trail. The application could be misused for threatening activities, job applications, suspicious activities and impersonating people.”
Maintaining overall email security, as is evident from this event, has become vital.