Comment on How do email scammers spoof my email?
thanks_shakey_snake@lemmy.ca 1 year agoDunno who’s downvoting this, but that’s honestly a valid possibility. The other answers explain a really important concept (it’s really easy to fake from addresses) but these ideas aren’t wrong.
Dr_Cog@mander.xyz 1 year ago
It’s not a possibility at all unless the “hacker” is extremely stupid.
If you have access to an account, you generally don’t want to make the owner of the account suspect that it is compromised.
thanks_shakey_snake@lemmy.ca 1 year ago
Or the “hacker” is an automated script (…which is probably pretty stupid, to your point), as the vast majority of attacks are.
If it’s more like a spearphishing-to-impersonate attack-- i.e. A specific individual is being targeted-- then yeah, it’d be important to avoid detection. They wouldn’t do that unless they are extremely bad at their task.
But most attacks are fairly coarse attempts at exploiting a rather glaring security hole against a large number of targets, and their goal might not be what you’d think… Like for example “iterate through this list of 100,000 sites, see if they’re using ``, and test to see if they still have the default admin password.” The attacker doesn’t care about being foiled by any one victim, because (for example) their goal is to collect accounts that are:
a) Unmonitored by their owners, and; b) Able to send and receive emails
Is that scenario more likely than FROM address forgery? No. Is that scenario “not a possibility at all?” Also no.