I got this e-mail today:
Find out for a chance to win a Stormtrooper Helmet!
Hello.
Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?
Now they can launch a “CEO fraud” spear phishing attack on your organization.
KnowBe4 can help you find out if this is the case with our complimentary Domain Spoof Test and enter you for a chance to win an awesome Stormtrooper Helmet Prop Replica at the same time.
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless steel lock-pick business card.
Don’t like to click buttons? Copy-and-paste this into your browser:
https://info.knowbe4.com/dst-sweepstakes-062017
Warm Regards,
Stu Sjouwerman
Founder & CEO
KnowBe4, Inc.
A couple weeks after I wrote the post you just responded to, I actually got a junk email (“Your Amazon Order Has Been Canceled”) that had a bona fide Amazon.com sender address.
I have no idea how they could fake that.
If it is possible, it seems like EVERY scammer and hacker in the world would use a bogus corporate return address, but they don't; they almost all use original throw-away domains.