Attention: Forged (spoofing) email attack / Forged (scam) email threat

Attention: Forged (spoofing) email attack

This is to notify you that YM is under threat from forged email. The attacker’s purpose is to deceive employees or customers in order to steal money or information.

Briefly described, spoofing attacks include:

1.     Envelope From abuse: Making the domain in the sender’s Mail From value (also referred to as “Envelope From”) the same as the recipient’s domain. This paper uses the terms “Mail From” and “Envelope From” interchangeably.

2.     From header abuse: Using a legitimate domain for the sender’s Envelope From value but using a fraudulent From header.

3.     Cousin domain abuse: Sending email from cousin domains that pass Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC) checks. The From value will show a similar sender address that impersonates a real one (for example, using to impersonate

4.     Free email account abuse: Using free email accounts (Yahoo, Gmail, etc.) that pass SPF, DKIM and DMARC checks. The From header will show a legitimate sender address with an executive’s

To avoid any loss or misunderstanding, please double-check any change to order or money information.

Sincerely yours.


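   1.  Forged email sender
   2.  Forged email header
   3.  Email domain names that look very similar, for example  and ; these two look very much alike.
   4.  Free email, for example  and

To avoid loss and misunderstanding, please be sure to double-check any change related to orders or money.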
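
The four spoofing categories listed above can be checked mechanically on inbound mail. The following is an added example, not part of the original notice: it classifies a message from its Envelope From value and its From header. The organisation domain `example.com`, the executive name, the free-mail list, the edit-distance threshold of 2 and the sample messages are all assumptions constructed for illustration, and the code assumes every message it sees arrived from outside the organisation.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not taken from the notice: replace with your own.
OUR_DOMAIN = "example.com"                 # placeholder organisation domain
EXECUTIVES = {"jane doe"}                  # constructed executive display name
FREE_MAIL = {"gmail.com", "yahoo.com"}     # free-mail providers to watch

def domain_of(address):
    """Lower-cased domain part of an address such as 'a@b.c' or 'Name <a@b.c>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike (cousin) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(envelope_from, raw_message):
    """Return the spoofing categories an inbound (external) message matches."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    env_dom, hdr_dom = domain_of(envelope_from), domain_of(addr)
    findings = []
    if env_dom == OUR_DOMAIN:                       # 1. Envelope From abuse
        findings.append("envelope-from-abuse")
    elif hdr_dom == OUR_DOMAIN:                     # 2. From header abuse
        findings.append("from-header-abuse")
    # 3 and 4 pass SPF/DKIM/DMARC, so they are judged on the visible From value.
    if hdr_dom != OUR_DOMAIN and edit_distance(hdr_dom, OUR_DOMAIN) <= 2:
        findings.append("cousin-domain")
    if hdr_dom in FREE_MAIL and display.strip().lower() in EXECUTIVES:
        findings.append("free-mail-executive-name")
    return findings

# Constructed sample messages: (envelope sender, raw headers + body).
SAMPLES = [
    ("billing@example.com", "From: Billing <billing@example.com>\n\nhi"),
    ("bounce@mailer.test", "From: Sales <sales@example.com>\n\nhi"),
    ("ceo@examp1e.com", "From: Jane Doe <ceo@examp1e.com>\n\nhi"),
    ("jane.office@gmail.com", "From: Jane Doe <jane.office@gmail.com>\n\nhi"),
    ("news@partner.test", "From: News <news@partner.test>\n\nhi"),
]

if __name__ == "__main__":
    for env, raw in SAMPLES:
        print(env, classify(env, raw))
```

A message that matches any category is a candidate for quarantine or a warning banner; the double check of order and money changes asked for in the notice still applies to mail that matches none.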