[SingCERT] Alert on Mailsploit to Spoof Email Addresses

Published on Thursday, 07 December 2017 19:29

Background

On 5 December 2017, a security researcher disclosed a set of vulnerabilities dubbed "Mailsploit" which allow attackers to send convincingly spoofed emails. The technique encodes non-standard characters into email headers so that the recipient's email client displays a sender address of the attacker's choosing, tricking recipients into believing the email came from a specific individual.

Affected Software

More than 30 applications, including popular email clients such as Apple Mail, Mozilla Thunderbird, Yahoo Mail, ProtonMail and several Microsoft email clients, are known to be affected. A comprehensive list is available on the Mailsploit website (see References).

Impact

The vulnerability may lead to an increase in phishing emails utilising this new spoofing technique. Unwary email recipients might fall prey to the scam and click on malicious links or attachments, thinking they were from trusted sources.

Recommendations

SingCERT recommends users to:
Update their email client software as soon as a patch is available.
Avoid clicking on suspicious links or attachments.
Verify with the sender through a different channel, such as a phone call.

Users can also use antivirus software or free online tools such as VirusTotal to scan attachments for malicious content.

Advanced users can consider digitally signing their outgoing emails so that the receiver can verify the authenticity as well as the integrity of the email.

References

https://www.mailsploit.com/index
https://www.bleepingcomputer.com/news/security/mailsploit-lets-attackers-send-spoofed-emails-on-over-33-email-clients/
https://www.wired.com/story/mailsploit-lets-hackers-forge-perfect-email-spoofs/