I just received this email, it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one my accounts that got caught in the leak and the body of the email is generic enough that it could apply to many.
The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from [email protected] (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?
Really easily as it happens, a few commands in telnet and you are away, if as an organisation you have open smtp relay it's trivial. Mind you although you can spoof quite a lot generally you can't spoof it all, if you save the email and look at it's envelope sender property you might actually see where it originated from. We have in the past created some seriously decent spoofs that we test our staff with where I work. We tested some of them in house and it's quite scary a) how easy it is to spoof email headers and b) how many people fall for these things. We don't do any of them in house anymore but we do construct campaigns in KnowB4 to spoof and fish test people.
Last edited: