Email flaw makes phishing easier with “mail sploit” - PowerPoint PPT Presentation

About This Presentation
Title:

Email flaw makes phishing easier with “mail sploit”

Description:

Phishing email attacks are nothing new. You get a bunch of random emails that look like they were sent from known friends and businesses. Yet, when you hover over the actual email address you see that it is fake with some weird string of numbers and letters, so you know it is a phishing scam.

Number of Views:7
Slides: 15
Provided by: JohnZeller

Transcript and Presenter's Notes



1
Email Flaw Makes Phishing Easier with MailSploit
  • www.takingitmobile.com
    888.877.5002

2
Phishing email attacks are nothing new. You get a
bunch of random emails that look like they were
sent from known friends and businesses. Yet, when
you hover over the actual email address you see
that it is fake with some weird string of numbers
and letters, so you know it is a phishing scam.

3
Many email clients also have features where they
look for these types of emails and move them to a
spam or junk mail folder. Some clients even
allow you to mark the emails as phishing scams.

4
However, even with these advances, there is a new
vulnerability, called MailSploit, that is making
things easier for the individuals and groups that
practice black hat phishing scams.

5
The vulnerability was discovered recently by a
security research technician in Germany named
Sabri Haddouche. The vulnerability has to do with
how email clients interpret the data in the
"From" field of emails.

6
Numerous email clients still follow an old
standard from 1992 called RFC-1342. This standard
requires all header data in emails to be converted
into ASCII character data. If the email client
encounters non-ASCII data, it converts it into the
appropriate ASCII characters.

7
The vulnerability stems from what happens after
email clients convert non-ASCII data into ASCII
character formats: the clients never go back to
re-scan the header data for malware or viruses.
In addition, there is a secondary vulnerability
that can be hidden within the header data content.

8
The RFC-1342 standard also cannot address issues
with multiple email addresses in the header data
or null-byte data types. In other words, if the
email client encountered two or more email
addresses in the header data, the only one read
and verified for ASCII format is the first email
address.
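
The re-scan that slides 7 and 8 say clients skip, as an added example that is not part of the original presentation: decode the RFC-1342 encoded words in a From value, then check the decoded text for null bytes, other control characters and more than one address. The helper names and the sample headers are constructed for illustration.

```python
import base64
import re
from email.header import decode_header

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CONTROL_RE = re.compile(r"[\x01-\x1f\x7f]")  # control characters other than NUL


def encoded_word(text):
    """Build an RFC-1342 base64 encoded word (used only to make test input)."""
    return "=?utf-8?b?" + base64.b64encode(text.encode("utf-8")).decode() + "?="


def decode_from(raw):
    """Decode every encoded word in a raw From header value to text."""
    parts = []
    for data, charset in decode_header(raw):
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the header
                data = data.decode("latin-1")
        parts.append(data)
    return "".join(parts)


def inspect_from(raw):
    """Re-scan the header after decoding and return a list of findings."""
    decoded = decode_from(raw)
    findings = []
    if "\x00" in decoded:
        findings.append("null-byte")
    if CONTROL_RE.search(decoded):
        findings.append("control-char")
    if len({a.lower() for a in ADDR_RE.findall(decoded)}) > 1:
        findings.append("multiple-addresses")
    return findings


# Constructed sample headers (not taken from real mail).
PLAIN = "Alice Example <alice@example.com>"
ENCODED_NAME = encoded_word("Zoë") + " <zoe@example.com>"
SUSPICIOUS = encoded_word("accounts@example.com\x00") + " <sender@example.net>"

if __name__ == "__main__":
    for header in (PLAIN, ENCODED_NAME, SUSPICIOUS):
        print(repr(decode_from(header)), inspect_from(header))
```

A message whose From value produces any finding can be quarantined or shown with the full decoded header instead of the first address alone.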

9
As a result, hackers and others that use black
hat tactics could essentially hide malware,
viruses, and other payloads using one or both of
these vulnerabilities. For email recipients, it
would appear like the email came from someone
they trusted and knew.

10
Upon opening the email, there could be a
trigger that installs a malicious program or
virus onto the device. In some cases, there could
be clickable links embedded in the email that,
once clicked, download and install malicious
programs onto the device.

11
There are thirty-plus email clients affected by
the vulnerability. However, Gmail is not one of
them. The affected email clients include:

12
1. Mozilla Thunderbird
2. AOL Mail
3. Outlook
4. Yahoo! Mail
5. Opera
6. Mail for Windows 10
7. Spark
8. Apple Mail for iOS/macOS
9. ProtonMail

13
Out of the affected email clients, so far eight
companies have released patches to fix the
vulnerability and a dozen others are in the
process of developing a patch to fix the problem.

14
In the event you accidentally open a phishing
email that causes your device to crash or causes
your storage device to fail, please feel free to
contact the data recovery experts at Taking It
Mobile at 888.877.5002 (1-888-Call-TIM) today!

Source: http://www.takingitmobile.com/email-flaw-makes-phishing-easier-with-mailsploit/