Hackers have found a way to make it even more difficult to recognize malicious emails and fool more and more users.

A new threat is lurking in the email inboxes of millions of users around the world. Emails have long been considered a relatively safe tool, thanks also to the sophisticated security systems that providers like Gmail have put in place. The events of the last year, however, have shown that this belief, unfortunately, is no longer valid. Indeed, according to various reports, 2023 was one of the years in which the most cyber attacks via email were recorded.

Emails can also hide various dangers for users – Sjbeez

The new attack technique was called "SMTP Smuggling", a term that in Italian means "smuggling". This vulnerability, discovered by cybersecurity expert Timo Longin in collaboration with SEC Consult, puts the email inboxes of millions of users at risk as it allows criminals to send spoofed emails that bypass standard authentication mechanisms.

Being present on the web today means being constantly exposed to new dangers

SMTP (Simple Mail Transfer Protocol) servers are crucial systems in Internet email: they are responsible for sending, receiving and forwarding email messages. The new scam is based on a discrepancy in this protocol and exploits it to allow hackers to send messages with fake headers, making servers believe that the emails come from trusted domains.

Hackers have found a way to trick users even more easily – Sjbeez

The natural consequence of this deception is that malicious emails can bypass authentication systems designed to block them and prevent spam and phishing attacks. In practice, users may receive emails that list Microsoft, Amazon or PayPal as the sender, but which were actually sent by cybercriminals.

The problem is that the security systems of Gmail or other services will not be able to recognize this difference and will send them to the user’s account as if they were normal emails. On the contrary, in many cases the systems in question manage to intercept spam and phishing emails and divert them to the appropriate folder.

To protect yourself from this type of threat, it is crucial that users keep their guard up and take additional security measures. Frequently checking security settings and updating email filtering systems are essential steps. Additionally, it’s critical to be vigilant in recognizing and reporting suspicious emails, especially those that appear to come from trusted sources. For example, if you receive a request to reset your password, it is a good idea to check whether that request originated from some action on our part or whether it comes out of nowhere. In this second case, it is advisable to carry out further research.