Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research. This allows hackers to pull off a social engineering scam called CEO fraud.
Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s "from" address.
Authentication systems have stepped in to try to solve the problem. But many of the top website domains are failing to use them properly, opening the door for spoofing, according to Detectify, a Sweden-based security firm.
The company analyzed the top 500 websites ranked by Alexa and found that 276 of the domains are vulnerable as a result, it said in a blog post on Monday.
Here is the full article at PC World.