"Scammers Can Abuse Security Flaws in Email Forwarding to Impersonate High-Profile Domains"
Due to flaws in the process that enables email forwarding, it is easier than previously believed to send an email with a forged address, according to a research team led by computer scientists from the University of California San Diego. The issues discovered by researchers affect the integrity of emails sent from tens of thousands of domains, including those representing US government organizations. Major financial service providers, such as Mastercard, and news organizations like The Washington Post and the Associated Press are also at risk. It is referred to as forwarding-based spoofing, and researchers have discovered that it is possible to send email messages impersonating these organizations, circumventing the security measures implemented by email providers such as Gmail and Outlook. This article continues to discuss the researchers' findings regarding security flaws in email forwarding.