Top website domains are vulnerable to email spoofing

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to “spoof” emails from some of the most-visited domains, according to new research.

Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s “from” address.

Authentication systems have stepped in to try and solve the problem. But many of the top website domains are failing to properly use them, opening the door for spoofing, according to Sweden-based Detectify, a security firm.

To read this article in full or to leave a comment, please click here