{"id":33024,"date":"2025-09-08T11:26:54","date_gmt":"2025-09-08T04:26:54","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=33024"},"modified":"2026-01-31T09:36:39","modified_gmt":"2026-01-31T02:36:39","slug":"email-spoofing-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/email-spoofing-la-gi\/","title":{"rendered":"What Is Email Spoofing? 5 Ways to Detect &#038; Prevent It [2026]"},"content":{"rendered":"<div class=\"summary\">\n<h3><span class=\"ez-toc-section\" id=\"Tom-tat-nhanh\"><\/span>Quick summary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"https:\/\/interdata.vn\/blog\/email-spoofing-la-gi\/\"><strong>Email Spoofing<\/strong><\/a> is a cyberattack technique in which a hacker manipulates an email's header information (<a href=\"https:\/\/interdata.vn\/blog\/header-la-gi\/\">header<\/a>) so that the message appears to have been sent from a trusted source (such as a bank, a partner, or your boss). 
The main goal is usually fraud (<a href=\"https:\/\/interdata.vn\/blog\/tan-cong-phishing-la-gi\/\">phishing<\/a>), spreading malware, or damaging a company's reputation.<\/p>\n<p><strong>Key points to remember:<\/strong><\/p>\n<ul>\n<li><strong>Mechanism:<\/strong> It exploits a weakness in the <a href=\"https:\/\/interdata.vn\/blog\/smtp-la-gi\/\">SMTP<\/a> protocol, which has no sender authentication mechanism by default.<\/li>\n<li><strong>Risks:<\/strong> <a href=\"https:\/\/interdata.vn\/blog\/ransomware-la-gi\/\">Ransomware<\/a> infection, fraudulent money transfers (BEC), credential theft, and the <a href=\"https:\/\/interdata.vn\/blog\/domain-la-gi\/\">domain<\/a> being placed on a blacklist.<\/li>\n<li><strong>Core solution:<\/strong> Deploy the trio of email authentication protocols: <strong>SPF<\/strong> (identifies the sending IPs), <strong>DKIM<\/strong> (digital signature), and <strong>DMARC<\/strong> (policy for handling spoofed mail).<\/li>\n<\/ul>\n<\/div>\n<p>According to the FBI's latest <a href=\"https:\/\/interdata.vn\/blog\/mang-internet\/\">Internet<\/a> crime report (IC3), business email scams (Business Email Compromise &#8211; BEC) have caused tens of billions of USD in losses worldwide in just the past few years. It is an alarming figure that shows the growing sophistication of cybercrime. 
You may think you are alert enough to spot a scam email. But imagine the following situation: you receive an email from your company CEO's own address, asking for an urgent transfer to an important partner. Everything, from the display name and the email address to the signature, looks entirely legitimate. Would you make the transfer?<\/p>\n<p>If the answer is &#8220;Yes&#8221;, you may have just become the next victim of <strong>Email Spoofing<\/strong>. This problem spares no one, from individual users to multinational corporations. Once an attacker has successfully forged the sender's identity, the door to your financial systems and data is wide open. At InterData, we understand the importance of securing communications in the digital environment.<\/p>\n<p>This in-depth article will serve as a knowledge &#8220;<a href=\"https:\/\/interdata.vn\/blog\/tuong-lua-firewall\/\">firewall<\/a>&#8221; for you. 
Together we will peel back the technical layers of Email Spoofing, analyze how hackers get past spam filters and, most importantly, provide specific technical solutions to protect your business thoroughly in 2025.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Email-Spoofing-la-gi-va-tai-sao-no-nguy-hiem\"><\/span>What is Email Spoofing and why is it dangerous?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To protect a system, we first need to understand the nature of the threat. <strong>Email Spoofing<\/strong> (email forgery) is the act of forging information in an email's header to make the recipient believe the message was sent by a person or organization other than the actual sender.<\/p>\n<p>Think of Email Spoofing as writing a letter by hand and putting it in an envelope, but in the &#8220;Sender&#8221; (From) field on the outside of the envelope you write the name and address of someone else. 
The post office (in this case, the email <a href=\"https:\/\/interdata.vn\/blog\/may-chu-server-la-gi\/\">server<\/a>) will still deliver the letter to the recipient without checking whether the sender really is the person named on the envelope. The recipient opens the letter, sees a familiar sender name, and trusts the contents by default.<\/p>\n<figure id=\"attachment_38833\" aria-describedby=\"caption-attachment-38833\" style=\"width: 750px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38833\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Email-Spoofing-1.webp\" alt=\"Email Spoofing\" width=\"750\" height=\"409\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Email-Spoofing-1.webp 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Email-Spoofing-1-300x164.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><figcaption id=\"caption-attachment-38833\" class=\"wp-caption-text\">Email Spoofing<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Su-khac-biet-giua-Email-Spoofing-va-Phishing\"><\/span>The difference between Email Spoofing and Phishing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Many people confuse these two concepts. However, they stand in a cause-and-effect, tool-and-purpose relationship:<\/p>\n<ul>\n<li><strong>Email Spoofing<\/strong> is the <i>technique<\/i> or <i>tool<\/i>. 
It is how a hacker hides their real identity in order to gain trust.<\/li>\n<li><strong>Phishing<\/strong> is the fraudulent <i>act<\/i> or <i>purpose<\/i>. The attacker uses the Spoofing technique to run a Phishing campaign aimed at stealing passwords or credit card information, or at tricking victims into transferring money.<\/li>\n<\/ul>\n<p>A Phishing email does not necessarily use the Spoofing technique (for example, a hacker may send a scam message from a completely unfamiliar email address), but most advanced Phishing attacks use Spoofing to increase their success rate.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tai-sao-giao-thuc-SMTP-lai-de-bi-gia-mao\"><\/span>Why is the SMTP protocol so easy to spoof?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The root cause of the problem lies in the <strong>SMTP (Simple Mail Transfer Protocol)<\/strong> protocol. It is the standard protocol for sending email, developed in the 1980s. 
At that time, the Internet was a small, closed network of universities and government agencies, where everyone trusted one another.<\/p>\n<p>As a result, the original developers did not build a strong authentication mechanism into SMTP. The protocol does not require the sending mail server to prove its identity. Anyone with a little command-line knowledge can connect to port 25 of an open SMTP server and send an email with any &#8220;From&#8221; address they want. 
This is the design flaw that cybercriminals have exploited to the full for decades.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ke-tan-cong-thuc-hien-Email-Spoofing-nhu-the-nao\"><\/span>How do attackers carry out Email Spoofing?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_38835\" aria-describedby=\"caption-attachment-38835\" style=\"width: 750px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38835\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ke-tan-cong-thuc-hien-Email-Spoofing.webp\" alt=\"How attackers carry out Email Spoofing\" width=\"750\" height=\"409\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ke-tan-cong-thuc-hien-Email-Spoofing.webp 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ke-tan-cong-thuc-hien-Email-Spoofing-300x164.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><figcaption id=\"caption-attachment-38835\" class=\"wp-caption-text\">How attackers carry out Email Spoofing<\/figcaption><\/figure>\n<p>Understanding how hackers attack will help you build a more effective defense. 
Spoofing an email does not require particularly advanced <a href=\"https:\/\/interdata.vn\/blog\/lap-trinh-la-gi\/\">programming<\/a> skills; it relies mainly on lax server configuration and on user complacency.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lo-hong-trong-thiet-ke-cua-SMTP\"><\/span>The flaw in SMTP's design<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In a typical email sending session over SMTP, there are three main pieces of data about the sender:<\/p>\n<ol>\n<li><strong>MAIL FROM:<\/strong> The address that actually sends the email (usually used to receive the error notice if delivery fails &#8211; Bounce message). It is also called the <i>Envelope From<\/i> or <i>Return-Path<\/i> address.<\/li>\n<li><strong>RCPT TO:<\/strong> The recipient's address.<\/li>\n<li><strong>DATA &#8211; From Header:<\/strong> The address shown to the recipient in the mail client (Outlook, Gmail).<\/li>\n<\/ol>\n<p>A hacker can easily set <i>MAIL FROM<\/i> to a throwaway address to avoid detection, while setting <i>DATA &#8211; From Header<\/i> to <code>ceo@yourcompany.com<\/code>. When the email reaches your inbox, the mail client usually shows only the information from <i>DATA &#8211; From Header<\/i>. 
This mismatch is the core of the Spoofing technique.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cac-hinh-thuc-Spoofing-pho-bien\"><\/span>Common forms of Spoofing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4>1. Display Name Spoofing<\/h4>\n<p>This is the simplest and most common form. The hacker registers a free email account (such as Gmail or Yahoo) but changes the display name to that of a brand or a reputable person.<\/p>\n<ul>\n<li><strong>Example:<\/strong> The hacker creates the address <code>nguyenvana1234@gmail.com<\/code> but sets the display name to &#8220;InterData Technical Support&#8221;.<\/li>\n<li><strong>Shown on the recipient's device:<\/strong> <strong>InterData Technical Support<\/strong> &lt;nguyenvana1234@gmail.com&gt;.<\/li>\n<\/ul>\n<p>On mobile phone interfaces, usually only the display name is shown, while the real email address is hidden. This makes it very easy for users to be fooled if they do not tap through to view the details.<\/p>\n<h4>2. Domain Spoofing<\/h4>\n<p>This is a more dangerous form. 
The hacker uses the company's domain directly to send email without needing to take control of a real email account. This is possible if the server managing that domain has not configured the authentication records (SPF, DKIM, DMARC).<\/p>\n<ul>\n<li><strong>Example:<\/strong> An email arrives from <code>account@vietcombank.com.vn<\/code> but was actually sent from an anonymous server overseas.<\/li>\n<\/ul>\n<p>If a business does not protect its domain, anyone can impersonate its employees to defraud customers.<\/p>\n<h4>3. Look-alike Domains (Typosquatting)<\/h4>\n<p>The hacker registers domains that at first glance look very similar to the target domain, by changing a few small characters or using special characters.<\/p>\n<ul>\n<li><strong>Example:<\/strong> Instead of <code>microsoft.com<\/code>, the hacker registers <code>micros0ft.com<\/code> (the digit 0 in place of the letter o) or <code>rnicrosoft.com<\/code> (the letters r and n together look like the letter m).<\/li>\n<\/ul>\n<p>This technique deceives the user's eye. 
When busy, office staff often only glance at the sender's address and do not notice this small difference.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Dau-hieu-nhan-biet-Lam-sao-de-biet-ban-dang-bi-Spoofing\"><\/span>Warning signs: How do you know you are being spoofed?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_38832\" aria-describedby=\"caption-attachment-38832\" style=\"width: 750px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38832\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Dau-hieu-nhan-biet-Email-Spoofing.webp\" alt=\"Warning signs of Email Spoofing\" width=\"750\" height=\"409\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Dau-hieu-nhan-biet-Email-Spoofing.webp 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Dau-hieu-nhan-biet-Email-Spoofing-300x164.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><figcaption id=\"caption-attachment-38832\" class=\"wp-caption-text\">Warning signs of Email Spoofing<\/figcaption><\/figure>\n<p>Detecting spoofed email requires a combination of user alertness and technical inspection skills. 
Below is a list of the signs you need to watch for.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kiem-tra-%E2%80%9CFrom%E2%80%9D-Header-va-dia-chi-email\"><\/span>Check the &#8220;From&#8221; header and the email address<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Always check the sender's email address carefully, not just the display name. If you receive an email from the &#8220;HR Director&#8221; but the address uses a public email domain (@gmail.com, @yahoo.com) instead of the company's email, delete it immediately.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Huong-dan-soi-Email-Header-Technical-Check\"><\/span>How to inspect the email header (Technical Check)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To know exactly where an email came from, you need to view its <a href=\"https:\/\/interdata.vn\/blog\/source-code-la-gi\/\">source<\/a>, also called the email's Header. Each email service has a different way to view it:<\/p>\n<ul>\n<li><strong>Gmail:<\/strong> Open the email -&gt; Click the three dots in the right corner -&gt; Choose &#8220;Show original&#8221;.<\/li>\n<li><strong>Outlook:<\/strong> Open the email -&gt; File -&gt; Properties -&gt; See the &#8220;Internet headers&#8221; section.<\/li>\n<\/ul>\n<p>Once you have the Header open, look for the following fields:<\/p>\n<ol>\n<li><strong>Return-Path:<\/strong> This is the address that actually sent the email. 
If this address is completely different from the address in the &#8220;From&#8221; field, it is very likely a spoofed email.<\/li>\n<li><strong>Received:<\/strong> This line shows which servers the email passed through. Read from bottom to top to find the sender's originating IP. If that IP comes from an unfamiliar country or does not belong to the sending organization, be wary.<\/li>\n<li><strong>Authentication-Results:<\/strong> This is the most important part. Look for the results of <code>spf<\/code>, <code>dkim<\/code>, and <code>dmarc<\/code>.\n<ul>\n<li>If you see <code>spf=fail<\/code> or <code>dkim=fail<\/code>, the email definitely has a problem.<\/li>\n<li>If you see <code>pass<\/code>, the email has been technically authenticated (but you still need to be wary of the content in case the real account has been hacked).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Noi-dung-khan-cap-va-bat-thuong\"><\/span>Urgent and unusual content<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Scammers often play on fear or greed. 
Warning signs in the content include:<\/p>\n<ul>\n<li>Requests to transfer money or provide a password immediately.<\/li>\n<li>Threatening language (&#8220;Your account will be locked within 24 hours&#8221;).<\/li>\n<li>Spelling mistakes or clumsy grammar (caused by automatic translation tools).<\/li>\n<li>A generic greeting (&#8220;Dear customer&#8221;) instead of your actual name.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Hau-qua-cua-Email-Spoofing-doi-voi-doanh-nghiep-la-gi\"><\/span>What are the consequences of Email Spoofing for businesses?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The impact of an email spoofing attack does not stop at a few virus-infected computers. Its consequences can be long-lasting and can wreck the stability of an entire organization.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Thiet-hai-tai-chinh-va-du-lieu-BEC\"><\/span>Financial and data losses (BEC)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Business Email Compromise (BEC) is the form of attack that causes the largest financial losses today. A hacker impersonates the CEO and emails the accountant, asking for money to be transferred to a new &#8220;partner&#8221; account. Trusting the boss, the accountant carries out the transfer. 
By the time the fraud comes to light, the money is gone and very hard to recover. Beyond money, the loss of customer data and trade secrets through fraudulent emails also causes intangible damage that cannot be measured.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ton-hai-danh-tieng-thuong-hieu\"><\/span>Damage to brand reputation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Imagine your customers repeatedly receiving fraudulent emails or spam from the domain <code>@yourcompany.com<\/code>. What will they think of your security and credibility? Trust is hard to build and easy to lose. When customers lose trust, they leave you for a safer competitor.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ten-mien-bi-dua-vao-danh-sach-den-Blacklist\"><\/span>Domain added to a blacklist (Blacklist)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is a technical nightmare for every business. 
When your domain is abused by attackers to send spam in bulk, email reputation monitors (such as Spamhaus, Barracuda) and email service providers (Google, Microsoft) will put your domain or server IP on a blacklist.<\/p>\n<p>As a result, even the legitimate business emails, quotations, and contracts that your staff send will be blocked or go straight to the Spam folder of your partners. Business communication will be completely paralyzed.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Case-Study-thuc-te\"><\/span>Real-world case study<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A typical example is the case of Ubiquiti Networks. Hackers spoofed emails from senior executives and tricked the finance department into wiring a total of 46.7 million USD to overseas accounts. 
Google and Facebook were also victims of a Lithuanian man who used emails impersonating large hardware vendors to trick the two giants into paying more than 100 million USD over several years.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Giai-phap-ky-thuat-Lam-the-nao-de-ngan-chan-Email-Spoofing-triet-de\"><\/span>Technical solutions: how to stop Email Spoofing completely?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_38836\" aria-describedby=\"caption-attachment-38836\" style=\"width: 750px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38836\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ngan-chan-Email-Spoofing.webp\" alt=\"Ng\u0103n ch\u1eb7n Email Spoofing\" width=\"750\" height=\"409\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ngan-chan-Email-Spoofing.webp 750w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/09\/Ngan-chan-Email-Spoofing-300x164.webp 300w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><figcaption id=\"caption-attachment-38836\" class=\"wp-caption-text\">Preventing Email Spoofing<\/figcaption><\/figure>\n<p>To stop Email Spoofing, user awareness training is not enough. Businesses must deploy technical barriers that authenticate email identity. The gold-standard trio in email security today is <strong>SPF, DKIM and DMARC<\/strong>. 
At InterData, we always recommend that customers fully configure all three protocols, and we help them do so.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1-SPF-Sender-Policy-Framework\"><\/span>1. SPF (Sender Policy Framework)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>SPF<\/strong> works like a list of &#8220;known contacts&#8221;. It is a text record (TXT record) in your Domain Name System (<a href=\"https:\/\/interdata.vn\/blog\/dns-la-gi\/\">DNS<\/a>).<\/p>\n<ul>\n<li><strong>Mechanism:<\/strong> SPF lists the <a href=\"https:\/\/interdata.vn\/blog\/dia-chi-ip-la-gi\/\">IP addresses<\/a> or mail servers that are allowed to send email on behalf of your domain. When the recipient server receives an email, it checks whether the sending IP is in the SPF list of that domain.<\/li>\n<li><strong>Sample configuration:<\/strong> <code>v=spf1 include:_spf.google.com ip4:192.168.1.1 -all<\/code><\/li>\n<\/ul>\n<p>In the example above, only Google servers and the IP 192.168.1.1 are allowed to send email. All other sources are treated as invalid.<\/p>\n<p><strong>Limitation:<\/strong> SPF only checks the <i>Return-Path<\/i> address (Envelope From); it does not check the <i>From Header<\/i> address that the user sees. 
As a result, a hacker can still get past SPF by forging the header.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2-DKIM-DomainKeys-Identified-Mail\"><\/span>2. DKIM (DomainKeys Identified Mail)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>DKIM<\/strong> addresses data integrity by using a digital signature. It works like a tamper seal on an envelope.<\/p>\n<ul>\n<li class=\"ck-list-marker-bold\"><strong>Mechanism:<\/strong>\n<ul>\n<li>The sending server generates a key pair (Private Key and Public Key).<\/li>\n<li>The Private Key is used to encrypt part of the email content, producing a digital signature that is attached to the email header when the message is sent.<\/li>\n<li>The Public Key is published in the DNS record of the domain.<\/li>\n<li>The receiving server uses the Public Key to decrypt the signature. If it matches, this proves that the email really originated from that domain and that the content was not modified in transit.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>DKIM ensures that the email content has not been forged, but it still does not specify what the receiving server should do when the signature is invalid.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3-DMARC-Domain-based-Message-Authentication-Reporting-and-Conformance\"><\/span>3. 
DMARC (Domain-based Message Authentication, Reporting, and Conformance)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>DMARC<\/strong> is the final and most important piece. It combines the strengths of both SPF and DKIM and also gives the receiving server handling instructions.<\/p>\n<ul>\n<li><strong>Mechanism:<\/strong> DMARC uses SPF and DKIM for its checks. More importantly, it lets the domain owner set a policy (Policy) that tells the receiver: &#8220;If this email fails both SPF and DKIM, this is how to handle it&#8221;.<\/li>\n<\/ul>\n<p>DMARC policies (the <code>p=<\/code> tag):<\/p>\n<ul>\n<li><code>p=none<\/code>: Monitor only, do not block email. Used in the initial phase to collect data.<\/li>\n<li><code>p=quarantine<\/code>: Send suspicious email to the Spam\/Junk folder.<\/li>\n<li><code>p=reject<\/code>: Refuse the email outright. This is the highest level of protection.<\/li>\n<\/ul>\n<p>In addition, DMARC provides a reporting feature (Reporting). 
Receiving servers (such as Gmail, Yahoo) send you reports showing who is sending email in the name of your domain, which helps you detect attacks early.<\/p>\n<h4>Quick comparison of the three email security protocols<\/h4>\n<figure class=\"table\">\n<table>\n<thead>\n<tr>\n<th>Protocol<\/th>\n<th>Main function<\/th>\n<th>Role<\/th>\n<th>Importance<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>SPF<\/strong><\/td>\n<td>Authenticates the sending IP address<\/td>\n<td>Allow list (Whitelist)<\/td>\n<td>Basic<\/td>\n<\/tr>\n<tr>\n<td><strong>DKIM<\/strong><\/td>\n<td>Authenticates content integrity<\/td>\n<td>Digital signature (Digital Signature)<\/td>\n<td>Advanced<\/td>\n<\/tr>\n<tr>\n<td><strong>DMARC<\/strong><\/td>\n<td>Defines the handling policy<\/td>\n<td>Enforcement (Police) &amp; Reporting<\/td>\n<td>Comprehensive (Mandatory)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>Deploying DMARC in <code>p=reject<\/code> mode is the only way to completely stop hackers from using your domain to carry out Email Spoofing. 
If you do not yet know how to configure it, the technical team at InterData is always ready to help check and correctly set up your business email system.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Nguoi-dung-ca-nhan-can-lam-gi-de-phong-tranh\"><\/span>What should individual users do to protect themselves?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>While waiting for organizations to deploy these protections, the end user is the last line of defense. You need to build safe digital habits:<\/p>\n<ul>\n<li><strong>Never click on unfamiliar links:<\/strong> Even when the email comes from someone you know. Hover over the link to see the real destination address before clicking.<\/li>\n<li><strong>Verify through a second channel (human 2FA):<\/strong> If you receive an email from your boss or a partner asking you to transfer money or change account information, call them or message them through a chat app to confirm. Never rely on email alone.<\/li>\n<li><strong>Use security software:<\/strong> Install reputable Antivirus and Internet Security software. 
These products usually include email scanning and warnings about fraudulent <a href=\"https:\/\/interdata.vn\/blog\/page-la-gi\/\">websites<\/a>.<\/li>\n<li><strong>Enable two-factor authentication (2FA):<\/strong> Protect your own email account. If hackers cannot take over your account, they are forced to spoof from the outside, which is easier to detect than a real mailbox being hacked.<\/li>\n<li><strong>Use a personal digital signature (PGP\/S\/MIME):<\/strong> For extremely important transactions, using a personal digital signature (such as S\/MIME) lets your partner be certain that the email was sent by you.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cac-cau-hoi-thuong-gap-ve-Email-Spoofing-FAQs\"><\/span>Frequently asked questions about Email Spoofing (FAQs)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1-Email-Spoofing-co-giong-voi-hack-tai-khoan-email-khong\"><\/span>1. Is Email Spoofing the same as hacking an email account?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>No. Account hacking is when the attacker obtains the password and logs in to your real account to send mail. 
Spoofing is when the attacker stays outside and forges the sender name without needing access to the real account. However, the consequences of both are equally serious.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2-Toi-co-the-truy-tim-dia-chi-IP-thuc-cua-ke-gia-mao-khong\"><\/span>2. Can I trace the real IP address of the spoofer?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It is possible, but you will not always find the ultimate culprit. By analyzing the email header, you can find the sending IP in the first <code>Received<\/code> line (the bottom one). However, professional hackers often use proxy servers, VPNs, or a <a href=\"https:\/\/interdata.vn\/blog\/botnet-la-gi\/\">Botnet<\/a> to hide their real IP.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3-Lam-sao-de-biet-domain-cua-toi-dang-bi-ke-xau-loi-dung-de-gui-thu-rac\"><\/span>3. How do I know whether my domain is being abused to send spam?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The most effective way is to deploy DMARC and configure report delivery (RUA reports). These reports list all the IPs that are sending email in the name of your domain. 
In addition, you can use tools such as Google Postmaster Tools to monitor your domain reputation.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4-Cau-hinh-SPF-da-du-de-chan-spoofing-chua\"><\/span>4. Is configuring SPF enough to block spoofing?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Not enough. SPF has several limitations: for example, it does not protect email that is forwarded (forwarding), and it cannot check the displayed address (Display Name). You must also add DKIM and especially DMARC to get comprehensive protection.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Loi-ket\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Email Spoofing is a persistent and increasingly sophisticated threat in the digital era. It not only causes financial damage but also erodes trust between businesses and customers. 
However, it is entirely preventable when human vigilance is combined with strong technical solutions.<\/p>\n<p>Deploying the <strong>SPF, DKIM, DMARC<\/strong> trio is no longer a &#8220;nice to have&#8221; option; it has become a mandatory standard for any business that wants to protect its brand. Do not wait until an incident happens to start acting.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Quick summary Email Spoofing is a cyberattack technique in which a hacker manipulates the header information of an email to make the message appear to come from a trusted source (such as a bank, a partner, or your boss). 
The main purpose is usually fraud (phishing),<\/p>\n","protected":false},"author":11,"featured_media":38834,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-33024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/33024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=33024"}],"version-history":[{"count":6,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/33024\/revisions"}],"predecessor-version":[{"id":38838,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/33024\/revisions\/38838"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/38834"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=33024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=33024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=33024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}