Email spoofing involves creating forged email messages to deceive recipients into believing they are from trusted sources, leading to serious risks such as phishing, data breaches, and reputational damage. Notable incidents, including large financial losses for companies like Google and Facebook, and ransomware attacks against institutions like UCSF, highlight the urgency for effective prevention measures such as SPF, DKIM, DMARC, and user training. The document emphasizes the need for organizations to adopt best practices to protect against the increasing threat of email spoofing.

1. EMAIL SPOOFING
INSTANCES
Yashawanth Anchan KN
Poorna M
ShruthaKeerthiRaj
Prasthuth Shetty
WITH
Presentation by:

2. ● Email spoofing is the creation of email messages
with a forged sender address.
● Typically used to deceive recipients into thinking
the email is from a trusted source.
● Can lead to phishing attacks, data breaches,
financial loss, and reputational damage.
What is Email Spoofing?

3. ● Forging Sender Address: Attackers manipulate the
email header to fake the sender's address.
● Deceptive Content: Emails often contain misleading
information or malicious links.
● Spoofed emails are sent to unsuspecting recipients.
How Email Spoofing Works

4. ● Financial Loss: Direct monetary loss due to fraud.
● Data Breach: Unauthorized access to sensitive information.
● Reputational Damage: Loss of trust from customers and
partners.
● Legal Implications: Potential lawsuits and regulatory penalties.
Consequences of Email Spoofing

5. Technical Measures:
● SPF (Sender Policy Framework): Validates the sender's IP address.
● DKIM (DomainKeys Identified Mail): Verifies the message's integrity.
● DMARC (Domain-based Message Authentication, Reporting &
Conformance): Aligns SPF and DKIM to prevent spoofing.
● User Awareness: Regular training on recognizing and handling
suspicious emails.
● Incident Response Plan: Develop a plan for responding to email
spoofing incidents.
Prevention and Mitigation

6. ● Incident: Over a period of two years, cybercriminals used email spoofing to
impersonate a Taiwanese hardware supplier, Quanta Computer, and trick
employees at Google and Facebook into wiring payments for fake invoices.
The attackers sent spoofed emails that appeared to be from legitimate
Quanta employees, requesting payment for services rendered.
● Impact: Google and Facebook collectively lost over $100 million to the
scam before it was discovered. The attacker behind the scheme was
eventually caught and extradited to the United States to face charges.
Google and Facebook Scams (2013-2015)

7. ● Incident: UCSF, a major research university, fell victim to a ransomware
attack that started with an email spoofing campaign. Attackers used
spoofed emails to trick employees into downloading malicious files, which
then encrypted critical research data, including COVID-19 research. The
attackers demanded a ransom to decrypt the data.
● Impact: UCSF ended up paying a ransom of $1.14 million to recover
their files. The attack disrupted important research and raised concerns
about the security of academic institutions, especially those involved in
critical public health research.
University of California, San Francisco (UCSF) Ransomware Attack (2020)

8. ● Incident: In a high-profile incident in July 2020, Twitter accounts of prominent
individuals and companies, including Elon Musk, Bill Gates, and Apple, were
hacked in a coordinated attack. The attackers used email spoofing as part of their
initial social engineering efforts to gain access to Twitter's internal tools. Once
inside, they sent out tweets from the compromised accounts promoting a Bitcoin
scam.
● Impact: The scam resulted in the theft of over $100,000 in Bitcoin within a few
hours. The incident highlighted the risks associated with social engineering and
email spoofing, even within major tech companies, and led to increased scrutiny of
Twitter's security practices
The Bitcoin Scam on Twitter (2020)

9. ● Incident: Mattel, the toy manufacturing giant, fell victim to a BEC
attack in 2015 when an employee received an email that appeared
to be from the CEO. The email requested an urgent $3 million wire
transfer to a new Chinese vendor. The transfer was authorized and
completed, but the company later discovered it was a scam.
● Impact: Fortunately for Mattel, the Chinese bank was closed for a
holiday when the fraud was discovered, allowing Mattel to reverse
the transaction. However, the incident was a close call and led to
tighter security measures within the company
Mattel (2015)

10. ● Incident: Sony's PlayStation Network (PSN) was breached in 2011,
leading to the theft of personal information from 77 million user
accounts. The breach was partly facilitated by email spoofing and
phishing attacks targeting Sony employees, which allowed attackers to
gain access to the network.
● Impact: The breach forced Sony to shut down the PSN for several
weeks, causing significant disruption to users and leading to substantial
financial losses. Sony also faced legal action and was required to
improve its cybersecurity measures
The Sony PlayStation Network Breach (2011)

11. ● Incident: Snapchat was targeted by an email spoofing attack in 2016,
where attackers impersonated the CEO and requested sensitive payroll
information from the HR department. The HR employee, believing the
email to be legitimate, sent over the payroll data of hundreds of current
and former employees.
● Impact: The data breach exposed the personal information of
Snapchat employees, including their Social Security numbers.
Snapchat quickly notified the affected individuals and offered identity
theft protection, but the incident raised awareness about the need for
stronger internal security protocols.
Snapchat (2016)

12. ● Email spoofing is a significant cyber threat with serious
consequences.
● Encourage organizations and individuals to adopt best
practices to prevent and mitigate spoofing attacks.
Conclusion