The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: email spoofing

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada

December 14, 2018Mohit Kumar
"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building" A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and police response. The bomb threat emails were apparently sent by spammers, threatening people that someone has planted bombs within their building that will be detonated unless a bitcoin payment of $20,000 is paid by the end of the business day. "I write to inform you that my man has carried the bomb (Tetryl) into the building where your business is located," one of the emails posted to social media read . "It was assembled according to my instructions. It can be hidden anywhere because of its small size, it cannot damage the supporting building structures, but there will be many victims in case of its explosion." "You must pay me by the end of the
MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

December 05, 2017Mohit Kumar
If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms. Discovered by security researcher Sabri Haddouche , the set of vulnerabilities, dubbed MailSploit , affects Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others. Although most of these affected email client applications have implemented anti-spoofing mechanisms, such as DKIM and DMARC, MailSploit takes advantage of the way email clients and web interfaces parse "From" header. Email spoofing is an old-school technique, but it works well, allowing someone to modify email headers and send an email with the fo
Bug in Gmail app for Android Allows anyone to Send Spoofed Emails

Bug in Gmail app for Android Allows anyone to Send Spoofed Emails

November 14, 2015Swati Khandelwal
A security researcher has discovered an interesting loophole in Gmail Android app that lets anyone send an email that looks like it was sent by someone else, potentially opening doors for Phishers. This is something that we call E-mail Spoofing – the forgery of an e-mail header so that the email appears to have originated from someone other than the actual source. Generally, to spoof email addresses, an attacker needs: A working SMTP (Simple Mail Transfer Protocol) server to send email A M ailing Software However, an independent security researcher, Yan Zhu , discovered a similar bug in official Gmail Android app that allowed her to hide her real email address and change her display name in the account settings so that the receiver will not be able to know the actual sender. How to Send Spoofed Emails via Gmail Android App? To demonstrate her finding, Zhu sent an email to someone by changing her display name to yan ""security@google.com" (w
AOL Hit by Massive Data Breach, Urges Users to Change Passwords

AOL Hit by Massive Data Breach, Urges Users to Change Passwords

April 29, 2014Wang Wei
If you are a user of the American On-Line (AOL) mail service then you are advised to change your password as soon as possible. AOL Inc. on Monday confirmed the company suffered a massive data breach that may have affected a "significant number" of email accounts. The company has issued a warning to users that their personal information including email addresses, postal addresses, address books, encrypted passwords and the encrypted answers to security question-answers, has been stolen by attackers, the New York-based company said Monday. " The ongoing investigation of this serious criminal activity is our top priority, " AOL said in a blog post . " We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts ." AOL said it began investigating the
Twitter added DMARC support to prevent email phishing

Twitter added DMARC support to prevent email phishing

February 22, 2013Mohit Kumar
Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses. Sometimes it’s not easy to figure out if an email is legitimate or not. It implementing the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email message validation and authentication systems. Twitter says it started using the DMARC earlier this month. While the DMARC specification does need support from e-mail services, outfits including AOL, Gmail, Hotmail or Outlook and Yahoo already make use of it. It has also been implemented by services like Facebook, PayPal, Amazon and now Twitter. If you don’t use Gmail or one of the other email providers listed above, you may not be protected. It might be
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.