Now, continuing with the double whammy of cybersecurity issues in recent days, we have another that facilitates impersonation for phishing. One researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient.
On Tuesday, Sabri Haddouche revealed Mailsploit, an array of methods that allows email spoofing in lots of email clients. These clients include, but are not limited to, Apple Mail for iOS, Thunderbird from Mozilla, and Microsoft’s Outlook 2016 and Mail clients.
Lesser-known clients are affected as well, including Opera Mail, Airmail, Spark, Guerrilla Mail and AOL Mail. With this, Sabri has managed to create spoofed emails that appear to have been written by whatever address the fraudster chooses, making this the perfect tool for phishing scammers and making the spoofed messages much harder to spot.
Haddouche made a website, complete with a rather hilarious Back to the Future logo, which describes Mailsploit in more detail. It has a video showing the exploit working on the iOS operating system, and it offers a demo of the exploit that allows anyone to send a message to another user.
It's not all doom and gloom, though. Haddouche contacted all of the affected firms months ago to warn them about the vulnerabilities he found. Some clients like Yahoo Mail, Protonmail and Hushmail have fixed their issues.
However, there are also those who haven’t patched their issues yet. Apple and Microsoft are working on patches for the mail bugs, but most of the other affected web services haven’t responded to Sabri’s warning.
You can read the full list of affected parties right here. Once again, be careful about the email you receive and try not to fall for phishing scams.