You are on page 1of 11

EMAIL ATTACKS AND CRIME INVOLVING EMAIL Abstract

Ever since the emergency of the internet and subsequent discovery of the electronic mail (email) system as a fast, efficient and seeming secured means of written communication exchange; email has continued to gain popularity and attract more users for varied purposes. Emails convenient-to-use, relative anonymity and borderless attributes may have informed its apparent advances in replacing the traditional postal mail systems, and in the attraction of wide-ranging businesses and criminal applications. Presently, amazing amount of emails are sent and received every day and; interestingly, lots of easily convertible monetary values transit through these emails on second-by-second bases. Many private individuals, groups and organizations have suffered tremendous losses in revenue and other resources on account of crimes involving emails. Organizational databases, work platforms, corporate communications, treasuries and valuable resources stored in electronic form are often broken into by criminals through email attacks using social engineering on hoax mails or spear phishing emails. Habitually, people get paranoid at the slightest thought of these crimes due to their strange natures, the level of devastation they wreck in a very short time, their increasing rates of occurrences and their rising successfulness. Demystifying these common but persisting crimes involving emails is the motivation for this write-up. Therefore, sharing this information in nontechnical language for the understanding of all is the principal objective; particularly as this is considered the most effective means of extending real help to victims, potential targets and everyone that uses email. I believe discussing this with common examples will be helpful.

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL

Below is a good example of a spear phishing email purported to have been sent from ABSA and intended to deceive the banks customers. Unfortunately, the criminals usually send such emails indiscriminately and often to all addresses in their address book, not minding that their game can be knocked if the email gets to recipients who have no business with the ABSA bank. This is an active email attack with malicious codes embedded in an attached electronic file presented as the recipients bank account statement. Notice that even as the sender tried to present an email address (ibreply@absa.co.za) on a domain (absa.co.za) that looks real, the email supposedly bearing an individual customers electronic account statement is actually sent to many undisclosed-recipients, and also addressed to no particular person (Dear Customer). Can a genuine financial institution truly do this? Importantly, considerable effort is put in imitating the banks stationery and logo with the aim of deceiving naive people. A dangerous dimension to this will be to format the email template as a picture and embed a hyperlink on the entire body of the mail that a click at any point will automatically execute the malicious code. This informs the reason why the best approach to dealing with this is to delete all suspicious mails without attempting anything smart.

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL Overview of crimes involving email
A closer look will reveal that there is nothing magical or mysterious about crimes involving emails as the said crimes are still the same age-long traditional crimes which only found electronic enhancements or technological facilitation in their perpetration and concealment. Basically, the email system provides certain useful incentives which seem to have made it an attractive hub for criminals. Some of these enticements include email affordability, speed, hassle-free account setup, relative anonymity, email exceptional usage convenience and adaptability. Unfortunately, these powerful incentives are not only available to genuine and rational users but, they are also inadvertently extended to those that abuse and misuse technology for criminal activities. As a result, crimes involving emails are increasingly becoming prominent and persistent in our time. The principal reasons for these are directly linked to the numerous powerful incentives offered by email in its intrinsic attributes, in addition to the superficial privacy and the increasing application universality it offers. Whereas many email attacks can be targeted to individuals and small organizations, spear phishing attacks are predominantly aimed at popular email service vendors and large companies (Miguel Gomez, 2011). Many unsuspecting private and corporate email users have severally fallen victims and consequently suffered tremendous losses resulting from various email attacks. There are no exceptions, even with reputable and supposedly highly equipped organizations like Google, Microsoft, EPILON, RSA, HBGary, Banking institutions, National Intelligence Agencies, Military Formations, Policing Authorities, Diplomatic Missions, Governmental Bodies, e-businesses, etc. However, it might be useful to note that not all attacks on the information system are launched through email. Some potent attacks on information systems are sometimes a combination of different strategies. Below are quick examples of directed intensive attacks that have made very significant marks in the past few years: Hacktism attack: this is usually launched by group of anonymous referred to as hacktivists. Predominantly, their targets include diplomatic institutions, government agencies and notable corporate entities. Their motivation is claimed to be closely linked to activism and protests for various pursuits, including free speech on the web. The script kiddies attack: this is launched on mostly payment platform sites like Visa, MasterCard, PayPal, Interswitch, E-transact, etc. The Pfc attack: this is mostly directed on diplomatic cables and the attack proceeds are usually availed in Wikileak.

Some historic attacks that were outstandingly successful in their mission include: The 1999 Love Bug virus which wreaked havoc in millions of computers connected to the internet in less than 36hrs that it was released.

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL


The 2000 Canadian 15 years old Mafiaboy attack labeled Project revolta launched against Yahoo, CNN, eBay, Dell, & Amazon; The 2008 Project Chanology. By the Anonymous which briefly pulled down the Church of Scientologys website. The 2010 Operation Aurora attack - a phishing attack launched through a malware exploiting the 'zero-day' security vulnerability in the Microsoft Internet Explorer browser to load malicious codes that extracts targeted information from the exploited systems. Google reported to have sustained serious loss of intellectual property as a result. There are still many more recent ones.

Email attacks and their unique natures: Passive Email Attacks Email attacks can be categorized into two major groups: Passive and Active attacks. The passive email attacks are the category of spoofing emails that have no active malicious codes embedded in the message but, the email has plain con messages designed to deceive the unsuspecting message recipients into taking certain nontechnical actions that exposes the recipients guards while availing the sender undue advantage over him/her. Such emails often deploy the social engineering approach - seeking to deceive the recipients into providing vital and confidential information to the wrong persons and for the wrong purpose. Sometimes such mails are also designed to deceptively lead victims into making payments for nonexistent goods or services, etc. Below are quick examples of such emails:

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL

NARRATION:
The above is a typical simple spoofed email structured to appear as if it was sent from Facebook. Facebook is used in the crime because it is a renowned organization that can easily win recipients trust and help the perpetrator in overcoming the initial suspicion. Once the targets trust is won on the first sighting of the email, the unsuspecting user will be misled into opening the mail on the assumption that his/her Facebook team is trying to contact him/her. On opening the mail, it will be found that it is only a mail from a supposedly female Facebook user (Melissa) purported to be earnestly seeking for your love. You could easily fall victim, if your mission on Facebook is to find strange lovers, you will quickly jump at the offer and add the address for a chat. This will subsequently open your systems doors defenselessly to all manners of con, attacks or malwares. Meanwhile, observe that the email was sent from a fake email address (noxbhguuubk@fgstuxopze.com) that has nothing to do with Facebook. To further remove suspicion by hiding other many recipients it was copied, the sender uses one of his/her fake email addresses (jimmyarsenio2002@yahoo.com) on the To box, and then used the Bcc to copy all other recipients. The cc column is left vacant so that the other people copied in the message will not appear to each recipient. This is aimed at making it appear as though it was a private mail sent to a particular individual (you) thereby eliminating the usual concern when To: undisclosed recipients is seen in the To column when the sender uses the bcc key alone to copy all recipients. Again, notice that the email is not addressed to any particular person, Hey Babe is used to conceal that part.

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL


NARRATION:
The above two emails are spoofing emails of about the same nature. They are purposed for swindling naive folks. They are purported to be coming from organizations seeking to transfer funds or pay won lottery to the email recipients. The second mail is purported to be coming from UN payment office and, to undisclosed-recipients has a PDF document as attachment. The attached documents content is structured to convince the recipient of his/her wining a lottery even as he/she did not play any lottery. Sometimes they claim that it is the recipients email account (though usually unidentified) has won an unannounced automated random selection lottery. The amount won in most cases are usually massive and very tempting. This is purely a deceiving email sent from a fake email account created in an safrican.com domain, branded UN payment office, and sent to many undisclosed-recipients using the blind carbon copy bcc key in the mail compose pane. One good thing about this simple spoofing email is that the PDF attachment is safe to open and it has no embedded malware. The recipients can only fall victim in this scenario if he/she is deceived into believing that he/she truly won a lottery that was never consciously played or, that he/she deserves a payment that was not knowingly worked for. Many are still falling victims anyway!

Active Email Attacks Although email attacks generally come as deceiving emails from supposedly trusted sources to the targeted victims, active email attack is usually a combination of spoofing and spear phishing techniques in its design. The primary objective is to deceive the targeted individuals into taking some actions that can facilitated the infestation of the targets systems with malwares designed to carry out certain covert functions. Active emails attacks often come as html formatted messages with embedded URL links; sometimes they also come as plain text messages with attached files of concealed active contents. Sending active email attacks require some level of technical prowess unlike the passive attacks. In the same manners dealing with such attacks require more care and tact. They mostly come with carefully spoofed addresses, deceiving short messages requiring your action. They may be presented in a fake copy of a familiar organizations message template structured to fool the recipients into taking certain direct immediate actions like opening an attached file or clicking on a link leading to a rogue website. For emails with malicious codes, attempts to open the attached files or follow the embedded URL links often result in the automatic execution of the malicious codes. Such will cause immediate infection of the exposed system, servers or network with viruses, worms, spywares, Trojans, etc. Criminals seeking to destroy a system or computer network maliciously often adopt these kinds of attacks. Also, rogues seeking to do espionage, steal information from individuals or organization adopt the
By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL


same approach as their modus operandi. Stored passwords, secured sites access keystrokes, access to privileged systems accounts, bank account details, intellectual property, information and materials of sensitive nature or significant value are often stolen through these kinds of attacks. A quick example below:

NARRATION: On the left is an example of active email attacks. The attacker tried to falsify FACEBOOK email message template. It is purported to have been sent from FACEBOOK TECHNICAL SUPPORT informing the recipient of his/her profile update and instructing him/her to click a URL link to view the changes. This looks simple but dangerously built to alarm the recipient, stimulate curiosity and provoke quick action. Virtually all the surface of the email template is embedded with active links such that the click of a mouse on any part of the email will produce the senders desired result. To make this look more real, the To pane has the recipients right email address, and also another link at the bottom of the message is provided stating that the email is only to a particular person who has the option of unsubscribing by clicking on the link even as these links appear real and conforming to standard email marketing policy with real physical addresses, they are all fake links. The idea is to ensure that the recipient does not escape the trap - in whichever place the recipient click: whether to view the notification, go to Facebook, click any point in error or smartly attempt to unsubscribe by following the bottom link, he/she would have inadvertently activated the preset action. This capitalizes on the psychology that receiving an email that your carefully guarded (Facebook) account has been changed should naturally cause a panic and, the person cannot just ignore this knowing that he/she did not make any change to his or her profile. Naturally, the setting in of curiosity will make the target to click the provided links with the aim of checking out what has happened and, by so doing he/she would have inadvertently installed malwares into his/her system. What to do: Assuming your spam mail filter did not filter out such mails from your inbox, the solution is to do nothing with such mails but, DELETE WITHOUT DELAY!

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL

Narration:

On the left are more examples of active email attacks.

The examples are endless and crimes involving emails will continue to evolve even in greater dimensions.

Why emails will continue to attract criminals as a tool:


Despite the awareness created by concerned or affected persons and organizations, email crimes like spoofing, spear phishing, malware spread and bullying will continued to thrive This is as a result of the fact that email has certain unique features that makes it increasingly attractive to both ordinary people and criminals. The following is a shortlist of these special features:
The use of email as an acceptable standard means of written communication exchange has now become universal; In addition to leisure and general purposes, email has become increasingly popular as enterprise work solutions and smart resource application among business people and private individuals. By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL


Email accounts set up has always been made simple, instantaneous, unregulated and without hassles or cumbersome requirements. Email provides the contemporary world with a substantial feel of the limitlessness in communication exchange as availed by todays borderless internet. Email provides users at the time of its use with an apparent sense of privacy with sealed and secured transactions. Email can be conveniently sent, viewed and replied from any location and from most internet connecting communication gadgets. The ubiquity of smart phones and mobile devices with stable internet connection on the move makes emailing much more convenient. Even those who do not completely trust email assurance of communication privacy are often constrained to use it as there is no suitable alternative that delivers at the same speed and convenience. Additionally, messages of any kind can be composed, sent and delivered in a matter of seconds. The email system has ever remained highly adaptable, even with limited technical knowledge. Email is highly adaptable and offers relative anonymity to users. Many people can be target at the same time which broadens the chances of success and minimizes the chances of absolute failure in any attack. It is easy to squat on a domain, hide under someones identity or even assume the recipients identity,

Owing to the unique nature of emails and the unmatchable value it delivers to the users, email has so evolved that even serious business contracts with substantial monetary values are entered into, fully processed, sustained and finalised through email, and often with no other means of physical contact by the involved parties.

Narration:
On the left is another example of active email attacks. This particular one is purported to have been sent from the FedEx Team. The PRINT RECEIPT button has an active link to malicious codes embedded in it. A click on that will automatically install the malwares. The concept is that naive people will naturally attempt to print the receipt out of curiosity, whether they have any courier with FedEx or not. However, notice that the email address from which the mail was sent has nothing to do with FedEx or the screen name of the sender. Also, this email is address to no named person. However, the question is: why will you want to print a receipt for tracking a parcel you did not send?

By: iyke Ezeugo, Feb 2013

EMAIL ATTACKS AND CRIME INVOLVING EMAIL


Conclusion Consequently, crime involving emails can best be dealt with by email users continually updating themselves and keeping on alert to rightly use the available email filtering mechanisms, timely identify all suspicious but unfiltered email, appropriately analysis these emails at glance and PROMPTLY DELETING THEM for their own safety.

By: iyke Ezeugo, Feb 2013

You might also like