How does email spoofing work?

Lets take a look at how emails are spoofed by malicious users!

How does email spoofing work?

Email spoofing has always been something I've found interesting since day 1! But I never really tried or knew how to do it. I recently found out how it's done and I thought I’d write about it for other people who are as curious as me! Disclaimer: This is strictly for educational purposes only. Enough of me blabbering! Let's get into it :)


Step 1 — Installing The Social-Engineer Toolkit (SET)

We will be using the SET framework to help us perform the “Attack”. So let's go ahead and install it!

apt-get install set

To verify if the framework is successfully installed on the machine, enter the command “setoolkit” and see if anything pops up.

If you see this, you have successfully installed the framework!


Step 2 — Setting up an SMTP mail server

For this, we will be using MAILGUN as it offers a free service for beginners will limited bandwidth. Head to the site and create a free account for a trial.

The first step will be to set up your SMTP user account for verification like so.

If you had followed the steps correctly, you would see your SMTP user added in the user settings. There would also be some connection information at the bottom. Heads up: If you missed your password the first time it showed up just hit reset password and a new one will be showed to you. Remember to copy it and keep it safe!!


Step 3 — Initiating the attack (demo)

Since this is a simulated attack, I will be spoofing an email to my own personal inbox. (THIS IS STRICTLY FOR EDUCATIONAL PURPOSES ONLY!!)

Now, lets try and spoof this email right here.

First, open the setoolkit with the command setoolkit

Next up, select option 1 as we are going to conduct a type of social engineering attack.

In this menu, we are going to select option 5 which will allow us to send spoofed emails.

In this menu, we are going to select option 1 for our use case. After choosing option 1 we will be able to enter all the details we need for the program to successfully spoof an email

Send email to: recipient's address

THEN SELECT `USE YOUR OWN SERVER OR OPEN RELAY`

From address: The address you want the recipient to see
From name: The "from" name you want the recipient to see

Username for open-relay: can be found on mailgun's dashboard

Password for open-relay: can be found on mailgun's dashboard

SMTP email server adderss: smtp.mailgun.org

Flag this message/s as high priority? YES/NO (up to u)

Do u want to attach a file - Y/N: (up to u)

Do u want to attach an inline file - Y/N: (up to u)

Email subject: (up to u)Send the message as html or plain - h/p: (up to u)

Enter body: (up to u); Remember to type `END` after u are done

Here's a brief walkthrough on what you need to enter in the various fields.

If you have followed the steps correctly, you would have seen the following.

Now head to your inbox and check if the email has been sent.


BOOM! There we go :) that's how you spoof an email address and successfully get it into your target’s mailbox. side note: you can get rid of the “via — line by paying for a proper personal SMTP server”

I hope this has helped my fellow curious tech heads out there :) JUST A REMINDER! Please do not misuse this! This was strictly for educational purposes only!! Cheers!

~Nee