What is IP?
The IP adress is simply the identity of the device. An IP address consists of four numbers separated by dots, for example your ip address is 00.00.000.000. IP Address allows a computer on the internet to be easily found by other devices.
What is Mail?
Electronic maill (e-mail) is a type of communication that enables voice, text, image or different file transfer via the internet. This technology, which enables very fast communication is frequently preferred in business or personal use.
What is Spoofing?
Spoofing is sending TCP/IP packets over any IP address. The target that receiving the package containing the fake IP packet cannot know this IP adress is real or not and they usually don't investigate this.
What is IP Spoofing?
It is an incognito method often used by malicious hackers. Another use is to be anonymous using someone's IP without putting the tool in the connection.
What is Mail Spoofing?
Mail Spoofing is to deceive the victim by sending an e-mail from an e-mail address. Usually scammers use it. Sometimes it can be used in situations where one on one contact with the victim is required, such as social engineering and information gathering. However, it is not a very good method.
How to do IP & Mail spoofing?
There are many tools written for this. The most used tool is below.
https://github.com/mikechabot/smtp-email-spoofer-py
This tool is the best tool for those doing this job. Let's use it now.
Installation
git clone https://github.com/mikechabot/smtp-email-spoofer-py
cd smtp-email-spoofer-py
pip3 install -r requirements.txt
python3 spoof.py -h
Let's run it with the command. It is simple to use but since I do not have an hacked machine, I can tell you untill here.
So if it has such a simple use, how can we be protected?
How can we be protected?
The most important thing in such matters is awareness and attention.
1- If you have any doubts about the legality of an email, make a phone call to confirm that the information is correct and that it really came from the sender.
2- When visiting a website, pay attention to how the website looks and behaves.
3- If the site looks suspicious to you, leave the site without sharing any personal information. If you really need to contact the company, contact the company directly instead of website.
4- On internet giveaways, gifts etc. sites are used to grab people's attention and steal their information. Stay away from these sites.
5- Do not open e-mails without SPF registration. If you need to open it anyway, you need to be sure that they are verified company.
6- If you are doubt about the file, application, link etc. sent to you in the e-mail. Do not open it or take a look at the virus scan.
Translator: Shezzar
Source: https://www.turkhackteam.org/sosyal...spoofing-nedir-nasil-yapilir.html#post9165600