World Library  
Flag as Inappropriate
Email this Article

Email hacking

Article Id: WHEBN0035345007
Reproduction Date:

Title: Email hacking  
Author: World Heritage Encyclopedia
Language: English
Subject: Email
Collection: Email, Hacking (Computer Security)
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Email hacking

OPSEC warning military personnel not to use email accounts with weak security.

Email hacking is illicit access to an email account or email correspondence.[1][2]

Contents

  • Overview 1
  • Attacks 2
    • Spam 2.1
    • Virus 2.2
    • Phishing 2.3
  • Preventing email hacking 3
  • Steps to take after email account is compromised 4
  • Cases of email hacking 5
  • References 6

Overview

Electronic mail (email) is a widely used communication mechanism that can be categorized into two basic types of web-based service: an open web-based email service and a closed web-based service. The first category provides web-based email accounts to anyone for free or at a fee. The second category provides email accounts that are managed by organizations for employees, students, and members only.[3] Commercial and social websites rely on the security of email accounts. Large amounts of email exchanges are occurring daily, some of which contain personal information, company secrets, and sensitive information. This makes email accounts very valuable and becomes one of the main causes of email hacking.

Attacks

There are a number of ways in which a hacker can illegally gain access to an email account and majority of them rely on user behavior.

Spam

As rules that govern unsolicited emails tighten, spammers attempt to find new ways around them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and email address.[4] Some users may open the spam, read it, and possibly be tempted by whatever wares or schemes are offered. If the spammer were to get a hold of a company’s sending email and IP address, the impact on the company's business would be devastating. The company’s Internet connection would be terminated by its Internet Service Provider(ISP) if its email and IP address are added to the black list of known spamming addresses. Effectively, this would shut down the company’s online business because none of the emails would reach their destination.

Virus

Some emails incorporate a virus as a means of transportation. The Sobig virus is an example of such technology, creating a spamming infrastructure by taking over unwilling participants’ PC.[4] This was a major threat to email security as spam will continue to spread and trigger dangerous viruses for malicious intent.

Phishing

This type of attack uses email messages from legitimate businesses that the user may be associated with. Although the messages look authentic with all the corporate logos and similar format as the official emails, they ask for verification of personal information such as the account number, password, and date of birth. 20% of unsuspecting victims respond to them, which may result in stolen accounts, financial loss, and even worse, identity theft.[4]

Preventing email hacking

Email on the internet is now commonly sent by the Simple Mail Transfer Protocol (SMTP). This does not encrypt the text of emails and so intercepted mail can be read easily unless the user adds their own encryption. The identity of the sender or addressee of an email is not authenticated and this provides opportunities for abuse such as spoofing.[5] It is important to guard all gateways of a network. Having a firewall and anti-virus software is often not enough for a corporate business. Implementing security measures is a necessity such as installing a sniffer as well as an intrusion detection system (IDS) to make sure that nobody is accessing your network without permission and to detect any network intrusion attempts. In order to spot any vulnerabilities in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a mock attack in order to find any gaps in their network security.[6]

Although companies may secure their internal networks, vulnerabilities can also occur through home networking.[6] Email may be protected by methods such as a strong password, encryption of the contents or a digital signature. An email disclaimer may be used to warn unauthorised readers but these are thought to be ineffective. Some times the e mail holder forget to sign out from e mail after using mail from an internet cafe, Then the hackers can take full control of their e mail.

Steps to take after email account is compromised

  1. Updating your security software - It is critical that the PC is up to date with the current operating system updates as well as anti-virus/malware updates. There is a possibility that the PC is infected with a malware.
  2. Recover your account - If the user is unable to log in then it is likely that the password has already been changed. In this case, email providers often have the “I forgot my password” option and will typically send password reset instructions to an alternate email address. This may involve knowing your secret question. If the password recovery method does not work, you may need to contact your email service provider.
  3. Change your email account information - After regaining access to your email account, immediately change to a strong password that can be easily remembered but hard to guess. It is important to change the recovery information such as the secret question and alternative email address as the attacker will most likely have access to this information.
  4. Let contacts on your email address know you have been hacked - This will help stop the spam or malware that could be propagating from your email address by alerting your contacts and letting them know not to pay attention to the emails sent from this address during the time the account is hacked.
  5. Learn from experience:
  • Never share your password with anyone.
  • Be on the lookout for phishing attempts and spam email.
  • Keep your operating system, anti-virus software, and anti-ware tools up to date.
  • Take extra precaution when using public computers to check email. There is no way of knowing whether the computer has been infected with malware and/or if it has a key logger installed.
  • Be cautions when connecting to an open Wifi hotspot. There are various network-based threats that can occur on an untrusted network connection therefore, firewall is a necessity. One may also consider using a VPN.
  • Consider using some type of multi-factor authentication to add an extra layer of security such as Gmail’s 2-step verification.

Cases of email hacking

As email has increasingly replaced traditional post for important correspondence, there have been several notable cases in which email has been intercepted by other people for illicit purposes. Email archives from the

  1. ^ Joel Scambray, Stuart McClure, George Kurtz (2001), "Email Hacking", Hacking Exposed,  
  2. ^ R. Thilagaraj, G Deepak Raj Rao (2011), "Email hacking", Cyber Crime and Digital Disorder,  
  3. ^ Feng Zhang, Rasika Dayarathn (2010). "Is Your Email Box Safe?". Journal of Information Privacy & Security 6 (1): 29. 
  4. ^ a b c Alex Kosachev, Hamid R. Nemati (2009). "Chronicle of a journey: an e-mail bounce back system". International Journal of Information Security and Privacy 3 (2): 10. 
  5. ^ Nitesh Dhanjani, Billy Rios, Brett Hardin (2009), "Abusing SMTP", Hacking,  
  6. ^ a b "Online security: Hacking". New Media Age: 8–9. 24 March 2005. 
  7. ^ Maxwell T. Boykoff (2011), "The UEA CRU email hacking scandal (a.k.a. 'Climategate')", Who Speaks for the Climate?,  
  8. ^ James Cusick, Ian Burrell (20 January 2012), "We hacked emails too – News International",  
  9. ^ Tony Dyhouse (25 October 2011), Email hacking victim Rowenna Davis tells her story,  
  10. ^ Charles P. Pfleeger, Shari Lawrence Pfleeger (2011), Analyzing Computer Security,  
  11. ^ "Hacker exposes ex-US President George H W Bush emails". BBC News. 8 February 2013. Retrieved 10 February 2013. 

References

[11]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.