I recently received a bogus email that used the Bitdefender domain: noreply_community@bitdefender.com
How is this possible? I would expect BD to be very secure.
Most likely, they spoofed the email. See this article:
https://www.bitdefender.com/en-us/blog/hotforsecurity/security-tips-for-spotting-and-protecting-against-a-spoofed-email
Only looking through the email header would tell for sure.
Hi, thanks. I get the spoofing thing, but my question is how these guys get hold of someone's domain, or do they have the ability for the email to only appear as if it is from that domain?
The normal "easy" spoofing is possible because the SMTP protocol used to send email allows the sending client to enter any sender it wants. In the old days, you could send email as anyone from any server. Nowadays, major email services perform more checks, so this isn't possible in many cases (Google would just reject the email); however, if your email provider is not a good/major one, this isn't guaranteed.
Another normal "easy" way is to manipulate the "From:" line in the header so that when shown in abbreviated form, like on a mobile email client, only the spoofing part is apparent, and the actual email isn't displayed.
The "hard" way requires security compromises on the domain owner. Attackers can breach email system security, allowing them to send emails from the owner's own email system. They can also take control of the DNS of the domain owner, allowing them to reconfigure emails sent from unauthorized systems as legitimate.
To tell for sure, you may need to analyze the email header, which is often not that straightforward nowadays if you use email aliases, etc.
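The two "easy" tricks above (a forged From: header and a display name that only looks like an address) both leave traces in the headers, which is why the answer ends with "analyze the email header". The script below is an added example, not code from the thread or from Bitdefender. It parses three fabricated messages constructed for this demo (a forged From: domain, a display-name trick, and a clean message) with Python's standard email library and reports the checks a practitioner actually does by hand: does the envelope sender (Return-Path) match the From: domain, does the display name pretend to be an address on a different domain, and what did the receiving server's Authentication-Results say about SPF/DKIM/DMARC. All domains, addresses and header values are made up.

```python
"""Header checks for the spoofing patterns discussed above.

Added example with constructed messages; nothing here is a real message
from the thread. Run it to see which checks fire for each sample.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample 1: forged From: domain. The header claims bitdefender.com,
# but the envelope sender is on another domain and DMARC fails for bitdefender.com.
SPOOFED_FROM = """\
Return-Path: <bounce-1234@bulk.example.net>
Received: from bulk.example.net (bulk.example.net [192.0.2.10])
    by mx.recipient.example with ESMTP id q1; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=bulk.example.net;
    dkim=none;
    dmarc=fail (p=NONE) header.from=bitdefender.com
From: Bitdefender Community <noreply_community@bitdefender.com>
To: victim@recipient.example
Subject: Action required

Please click the link below.
"""

# Constructed sample 2: display-name trick. The real address is on the sender's
# own domain, so SPF/DKIM/DMARC all pass for that domain; only the quoted
# display name (what a narrow mobile client shows) says bitdefender.
DISPLAY_NAME_SPOOF = """\
Return-Path: <alerts@bulk.example.net>
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=bulk.example.net;
    dkim=pass header.d=bulk.example.net;
    dmarc=pass header.from=bulk.example.net
From: "noreply_community@bitdefender.com" <alerts@bulk.example.net>
To: victim@recipient.example
Subject: Action required

Please click the link below.
"""

# Constructed sample 3: what a clean message from the real domain looks like.
LEGIT = """\
Return-Path: <noreply_community@bitdefender.com>
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=bitdefender.com;
    dkim=pass header.d=bitdefender.com;
    dmarc=pass header.from=bitdefender.com
From: Bitdefender Community <noreply_community@bitdefender.com>
To: victim@recipient.example
Subject: Welcome

Welcome to the community.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is no '@'."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def auth_results(msg):
    """Extract the spf/dkim/dmarc verdicts from Authentication-Results."""
    value = str(msg.get("Authentication-Results", ""))
    return {m.group(1): m.group(2)
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value)}


def analyze(raw):
    """Return the From/Return-Path details, auth verdicts and a list of findings."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_dom, rp_dom = domain_of(addr), domain_of(return_path)
    auth = auth_results(msg)
    findings = []
    # Display name that looks like an address on a different domain.
    if "@" in name and domain_of(name) != from_dom:
        findings.append(f"display name looks like an address on {domain_of(name)} "
                        f"but the real From address is {addr}")
    # Envelope sender (MAIL FROM) on a different domain than the From: header.
    if rp_dom and rp_dom != from_dom:
        findings.append(f"envelope sender domain {rp_dom} differs from From domain {from_dom}")
    # DMARC is the check that ties the From: domain to SPF/DKIM.
    if auth.get("dmarc") != "pass":
        findings.append(f"DMARC result for {from_dom}: {auth.get('dmarc', 'absent')}")
    return {"from": addr, "display_name": name, "return_path": return_path,
            "auth": auth, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("forged From", SPOOFED_FROM),
                          ("display-name trick", DISPLAY_NAME_SPOOF),
                          ("legitimate", LEGIT)):
        result = analyze(sample)
        print(f"{label}: From={result['from']!r} display={result['display_name']!r}")
        for f in result["findings"]:
            print("  -", f)
```

Two caveats when using this on real mail. A Return-Path on a different domain than From: is normal for mailing lists and bulk-mail providers, so treat it as a signal, not proof. And Authentication-Results is only trustworthy when it was added by your own receiving server; a sender can insert a fake one, and a properly configured receiver strips any that arrive from outside before adding its own.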
I just had a conversation with Bitdefender Support via chat. They have created a ticket and escalated the query to their backend department. As soon as I receive an update via email, I will update this post. Below is the chat transcript for reference.
Regards
Thank you for the help. Let's see what comes out.
I think that one of the prime contributors is that there are unscrupulous email service providers out there - they do not question the obvious use of other users' domains.