Mailsploit Emailing Spoofing

Mailsploit is a new way to easily spoof email addresses when sending emails. It allows the attacker to display any email address as the from address to the email recipient by modifying the header of the email.

Threat ID:: CC-1861
Category:
Threat Severity:: Low
Threat Vector:: Email
Published:: 14 December 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Affected platforms

The following platforms are known to be affected:

Microsoft Outlook

All major email client applications including:

Apple Mail
Microsoft Outlook
Mozilla Thunderbird
Mail for Windows 10

Mozilla Thunderbird

Threat details

The header of the email is modified in such a way that the mail clients ignore the real from address and show the spoofed email address. The "Reply To" is also modified in the headers to ensure the glitch isn't noticed. Using this method circumvents spoofing protection mechanisms such as DMARC (DKIM/SPF) and spam filters.

In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.

Remediation steps

Type	Step
	Ensure that all email clients are patched and up-to-date

Last edited: 17 February 2020 11:34 am