From the course: Threat Modeling: Spoofing In Depth
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Spoofing a specific person in email
From the course: Threat Modeling: Spoofing In Depth
Spoofing a specific person in email
- I've already talked in general about spoofing a person. Email is a common example. If I want to claim that my name is Little Red Riding Hood, I can go into my email client and just do this. Now, when I send email, it displays as Little Red Riding Hood and no one's the wiser, unless of course, their email program cleverly displays email addresses. That's not the best way of changing my identity. Anyone can see that my email is still BigBadWolf@badguys.com. So really, I should go and set up an entirely new email address and hey, LittleRedRidingHood@badguys.com is already taken, that's weird. So I can just take LittleRed@badguys.com and now all good. Now, my email matches my name and that's helpful, but someone might look at the domain name. I can get a domain that looks like the one someone expects. Maybe RidingHoods.com? Each of these could be a real email address of one of the domains. The spoofing is happening at a human level, but I can also send email and have it look like it's…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.