Attention Forged(spoofing) email attack

This is to notify, YM  is under forged email threadten. The attacker’s purpose is to deceive the employees or customers in order to steal money or information.

Briefly described, spoofing attacks include:

1.     Envelope From abuse: Making the domain in the sender’s Mail From value (also referred to as "Envelope From”) the same as the recipient’s domain. This paper uses the terms “Mail From” and “Envelope From” interchangeably.

2.     From header abuse: Using a legitimate domain for the sender’s Envelope From value but using a fraudulent From header.

3.     Cousin domain abuse: Sending email from cousin domains that pass Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC) checks. The From value will show a similar sender address that impersonates a real one (for example, using alice@yangming.com to impersonate alice@yongming.com).

4.     Free email account abuse: Using free email (Yahoo, Gmail, etc.) that pass SPF, DKIM and DMARC checks. The From header will show a legitimate sender address with an executive’s name@gmail.com.

To avoid any loss and misunderstanding. Any change about order or money information, please double check.

Sincerely yours.

各位長官同仁好
目前假冒(詐騙)電子郵件問題層出不窮，犯罪者計畫竊取員工或是客戶金錢或是資訊。

假冒(詐騙)信特徵
   1.  偽裝 電子郵件寄件者
   2.  偽裝 電子郵件標題
   3.  電子郵件之郵件域名看起來很像，比方  myemail@yangming.com  與   myemail@yongmming.com 這兩個看起來非常的像。
   4.  免費電子郵件 比方  myemail@gmail.com  與  myemail@yangming.com

為了避免損失與誤會。任何 訂單與金錢有關之異動，請務必 double check.

資訊部敬啟