email attacks and crime involving email

Upload: iyke-ezeugo

Post on 03-Apr-2018


  • 7/29/2019 EMAIL ATTACKS AND CRIME INVOLVING EMAIL

    1/11

    EMAIL ATTACKS AND CRIME INVOLVING EMAIL

    By: iyke Ezeugo, Feb 2013

    Abstract

    Ever since the emergence of the internet and the subsequent discovery of the electronic mail (email) system as a fast, efficient and seemingly secure means of written communication exchange, email has continued to gain popularity and attract more users for varied purposes. Email's convenience of use, relative anonymity and borderless attributes may have informed its apparent advance in replacing the traditional postal mail systems, and its attraction of wide-ranging business and criminal applications. Presently, an amazing number of emails are sent and received every day and, interestingly, a great deal of easily convertible monetary value transits through these emails on a second-by-second basis.

    Many private individuals, groups and organizations have suffered tremendous losses in revenue and other resources on account of crimes involving emails. Organizational databases, work platforms, corporate communications, treasuries and valuable resources stored in electronic form are often broken into by criminals through email attacks using social engineering in hoax mails or spear phishing emails. Habitually, people get paranoid at the slightest thought of these crimes due to their strange nature, the level of devastation they wreak in a very short time, their increasing rate of occurrence and their rising success.

    Demystifying these common but persisting crimes involving emails is the motivation for this write-up. Therefore, sharing this information in nontechnical language for the understanding of all is the principal objective, particularly as this is considered the most effective means of extending real help to victims, potential targets and everyone that uses email. I believe discussing this with common examples will be helpful.


    Below is a good example of a spear phishing email purported to have been sent from ABSA and intended to deceive the bank's customers. Unfortunately, the criminals usually send such emails indiscriminately and often to all addresses in their address book, not minding that their game is exposed if the email gets to recipients who have no business with ABSA bank.

    This is an active email attack with malicious code embedded in an attached electronic file presented as the recipient's bank account statement. Notice that even as the sender tried to present an email address ([email protected]) on a domain (absa.co.za) that looks real, the email supposedly bearing an individual customer's electronic account statement is actually sent to many "undisclosed-recipients", and is also addressed to no particular person ("Dear Customer"). Can a genuine financial institution truly do this?

    Importantly, considerable effort is put into imitating the bank's stationery and logo with the aim of deceiving naive people. A dangerous dimension to this is to format the email template as a picture and embed a hyperlink on the entire body of the mail, so that a click at any point will automatically execute the malicious code. This is the reason why the best approach to dealing with this is to delete all suspicious mails without attempting anything smart.


    Overview of crimes involving email

    A closer look will reveal that there is nothing magical or mysterious about crimes involving emails, as these are still the same age-long traditional crimes which have only found electronic enhancement or technological facilitation in their perpetration and concealment. Basically, the email system provides certain useful incentives which seem to have made it an attractive hub for criminals. Some of these enticements include email's affordability, speed, hassle-free account setup, relative anonymity, exceptional convenience of use and adaptability. Unfortunately, these powerful incentives are not only available to genuine and rational users; they are also inadvertently extended to those who abuse and misuse technology for criminal activities. As a result, crimes involving emails are becoming increasingly prominent and persistent in our time. The principal reasons for this are directly linked to the numerous powerful incentives offered by email in its intrinsic attributes, in addition to the superficial privacy and the increasingly universal application it offers. Whereas many email attacks can be targeted at individuals and small organizations, spear phishing attacks are predominantly aimed at popular email service vendors and large companies (Miguel Gomez, 2011).

    Many unsuspecting private and corporate email users have repeatedly fallen victim and consequently suffered tremendous losses resulting from various email attacks. There are no exceptions, even among reputable and supposedly highly equipped organizations like Google, Microsoft, Epsilon, RSA, HBGary, banking institutions, national intelligence agencies, military formations, policing authorities, diplomatic missions, governmental bodies, e-businesses, etc. However, it might be useful to note that not all attacks on information systems are launched through email. Some potent attacks on information systems are a combination of different strategies. Below are quick examples of directed intensive attacks that have made very significant marks in the past few years:

    Hacktivism attack: this is usually launched by a group of anonymous people referred to as hacktivists. Predominantly, their targets include diplomatic institutions, government agencies and notable corporate entities. Their motivation is claimed to be closely linked to activism and protests for various pursuits, including free speech on the web.

    The script kiddies attack: this is launched mostly on payment platform sites like Visa, MasterCard, PayPal, Interswitch, E-transact, etc.

    The Pfc attack: this is mostly directed at diplomatic cables, and the proceeds of the attack are usually made available on WikiLeaks.

    Some historic attacks that were outstandingly successful in their mission include:

    The 1999 Love Bug virus, which wreaked havoc on millions of computers connected to the internet in less than 36 hours of its release.


    The 2000 attack by the 15-year-old Canadian known as Mafiaboy, labeled Project Rivolta, launched against Yahoo, CNN, eBay, Dell and Amazon.

    The 2008 Project Chanology by Anonymous, which briefly pulled down the Church of Scientology's website.

    The 2010 Operation Aurora attack - a phishing attack launched through malware exploiting a 'zero-day' security vulnerability in the Microsoft Internet Explorer browser to load malicious code that extracts targeted information from the exploited systems. Google reported having sustained serious loss of intellectual property as a result. There are still many more recent ones.

    Email attacks and their unique natures: Passive Email Attacks

    Email attacks can be categorized into two major groups: passive and active attacks. Passive email attacks are the category of spoofing emails that have no active malicious code embedded in the message; instead, the email carries plain con messages designed to deceive unsuspecting recipients into taking certain nontechnical actions that lower the recipient's guard while giving the sender undue advantage over him/her. Such emails often deploy the social engineering approach - seeking to deceive the recipients into providing vital and confidential information to the wrong persons and for the wrong purpose. Sometimes such mails are also designed to deceptively lead victims into making payments for nonexistent goods or services, etc.

    Below are quick examples of such emails:


    NARRATION:

    The above is a typical simple spoofed email structured to appear as if it was sent from Facebook. Facebook is used in the crime because it is a renowned organization that can easily win the recipient's trust and help the perpetrator overcome the initial suspicion. Once the target's trust is won on the first sighting of the email, the unsuspecting user will be misled into opening the mail on the assumption that the Facebook team is trying to contact him/her. On opening the mail, it will be found that it is only a mail from a supposedly female Facebook user (Melissa) purported to be earnestly seeking your love. You could easily fall victim: if your mission on Facebook is to find strange lovers, you will quickly jump at the offer and add the address for a chat. This will subsequently open your system's doors defenselessly to all manner of cons, attacks or malware.

    Meanwhile, observe that the email was sent from a fake email address ([email protected]) that has nothing to do with Facebook. To further remove suspicion by hiding the many other recipients it was copied to, the sender uses one of his/her fake email addresses ([email protected]) in the "To" box, and then uses the "Bcc" to copy all other recipients. The "Cc" column is left vacant so that the other people copied in the message will not appear to each recipient. This is aimed at making it appear as though it was a private mail sent to a particular individual (you), thereby eliminating the usual concern when "To: undisclosed recipients" is seen in the "To" column, as happens when the sender uses the "Bcc" key alone to copy all recipients. Again, notice that the email is not addressed to any particular person; "Hey Babe" is used to conceal that part.


    NARRATION:

    The above two emails are spoofing emails of about the same nature. They are meant for swindling naive folks. They are purported to be coming from organizations seeking to transfer funds or pay lottery winnings to the email recipients. The second mail is purported to be coming from the UN payment office and, sent to undisclosed-recipients, has a PDF document as attachment.

    The attached document's content is structured to convince the recipient of his/her winning a lottery even though he/she did not play any lottery. Sometimes they claim that it is the recipient's email account (though usually unidentified) that has won an unannounced automated random selection lottery. The amounts won are in most cases massive and very tempting. This is purely a deceiving email sent from a fake email account created in an safrican.com domain, branded "UN payment office", and sent to many undisclosed-recipients using the blind carbon copy ("bcc") key in the mail compose pane.

    One good thing about this simple spoofing email is that the PDF attachment is safe to open and it has no embedded malware. The recipient can only fall victim in this scenario if he/she is deceived into believing that he/she truly won a lottery that was never consciously played or that he/she deserves a payment that was not knowingly worked for. Many are still falling victim anyway!

    Active Email Attacks

    Although email attacks generally come as deceiving emails from supposedly trusted sources to the targeted victims, an active email attack is usually a combination of spoofing and spear phishing techniques in its design. The primary objective is to deceive the targeted individuals into taking some action that can facilitate the infestation of the target's systems with malware designed to carry out certain covert functions.

    Active email attacks often come as HTML-formatted messages with embedded URL links; sometimes they also come as plain text messages with attached files of concealed active content. Sending active email attacks requires some level of technical prowess, unlike the passive attacks. In the same manner, dealing with such attacks requires more care and tact. They mostly come with carefully spoofed addresses and deceiving short messages requiring your action. They may be presented in a fake copy of a familiar organization's message template structured to fool the recipients into taking certain direct, immediate actions like opening an attached file or clicking on a link leading to a rogue website.

    For emails with malicious code, attempts to open the attached files or follow the embedded URL links often result in the automatic execution of the malicious code. This will cause immediate infection of the exposed system, servers or network with viruses, worms, spyware, Trojans, etc. Criminals seeking to maliciously destroy a system or computer network often adopt these kinds of attacks. Also, rogues seeking to do espionage or steal information from individuals or organizations adopt the same approach as their modus operandi. Stored passwords, keystrokes for access to secured sites, access to privileged system accounts, bank account details, intellectual property, and information and materials of a sensitive nature or significant value are often stolen through these kinds of attacks. A quick example below:

    NARRATION:

    On the left is an example of an active email attack. The attacker tried to falsify the FACEBOOK email message template. It is purported to have been sent from FACEBOOK TECHNICAL SUPPORT, informing the recipient of his/her profile update and instructing him/her to click a URL link to view the changes. This looks simple but is dangerously built to alarm the recipient, stimulate curiosity and provoke quick action. Virtually all the surface of the email template is embedded with active links, such that the click of a mouse on any part of the email will produce the sender's desired result.

    To make this look more real, the "To" pane has the recipient's right email address, and another link at the bottom of the message is provided stating that the email is only for a particular person, who has the option of unsubscribing by clicking on the link. Even as these links appear real and conform to standard email marketing policy with real physical addresses, they are all fake links. The idea is to ensure that the recipient does not escape the trap - wherever the recipient clicks, whether to view the notification, go to Facebook, click any point in error or smartly attempt to unsubscribe by following the bottom link, he/she would have inadvertently activated the preset action.

    This capitalizes on the psychology that receiving an email saying that your carefully guarded (Facebook) account has been changed should naturally cause panic, and the person cannot just ignore this, knowing that he/she did not make any change to his or her profile. Naturally, the setting in of curiosity will make the target click the provided links with the aim of checking out what has happened and, by so doing, he/she would have inadvertently installed malware on his/her system.

    What to do:

    Assuming your spam mail filter did not filter out such mails from your inbox, the solution is to do nothing with such mails but DELETE WITHOUT DELAY!


    Narration:

    On the left are more examples of active email attacks. The examples are endless, and crimes involving emails will continue to evolve in even greater dimensions.

    Why emails will continue to attract criminals as a tool:

    Despite the awareness created by concerned or affected persons and organizations, email crimes like spoofing, spear phishing, malware spread and bullying will continue to thrive. This is a result of the fact that email has certain unique features that make it increasingly attractive to both ordinary people and criminals. The following is a shortlist of these special features:

    The use of email as an acceptable standard means of written communication exchange has now become universal.

    In addition to leisure and general purposes, email has become increasingly popular as an enterprise work solution and smart resource application among business people and private individuals.

    Email account setup has always been made simple, instantaneous, unregulated and without hassles or cumbersome requirements.

    Email provides the contemporary world with a substantial feel of limitlessness in communication exchange, as made available by today's borderless internet.

    Email provides users, at the time of its use, with an apparent sense of privacy, with sealed and secured transactions.

    Email can be conveniently sent, viewed and replied to from any location and from most internet-connected communication gadgets.

    The ubiquity of smartphones and mobile devices with stable internet connection on the move makes emailing much more convenient.

    Even those who do not completely trust email's assurance of communication privacy are often constrained to use it, as there is no suitable alternative that delivers at the same speed and convenience.

    Additionally, messages of any kind can be composed, sent and delivered in a matter of seconds.

    The email system has always remained highly adaptable, even with limited technical knowledge.

    Email is highly adaptable and offers relative anonymity to users.

    Many people can be targeted at the same time, which broadens the chances of success and minimizes the chances of absolute failure in any attack.

    It is easy to squat on a domain, hide under someone's identity or even assume the recipient's identity.

    Owing to the unique nature of emails and the unmatchable value they deliver to users, email has so evolved that even serious business contracts with substantial monetary values are entered into, fully processed, sustained and finalised through email, often with no other means of physical contact between the involved parties.

    Narration:

    On the left is another example of active email attacks. This particular one is purported to have been sent from the FedEx Team. The PRINT RECEIPT button has an active link to malicious code embedded in it. A click on that will automatically install the malware. The concept is that naive people will naturally attempt to print the receipt out of curiosity, whether they have any courier with FedEx or not.

    However, notice that the email address from which the mail was sent has nothing to do with FedEx or the screen name of the sender. Also, this email is addressed to no named person.

    However, the question is: why would you want to print a receipt for tracking a parcel you did not send?


    Conclusion

    Consequently, crime involving emails can best be dealt with by email users continually updating themselves and staying alert to rightly use the available email filtering mechanisms, identify all suspicious but unfiltered emails in time, appropriately analyse these emails at a glance and PROMPTLY DELETE THEM for their own safety.
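
    The "at a glance" analysis can be partly automated. The following is an added example, not part of the original paper: it checks a raw message for the indicators the narrations point out (a brand screen name on an unrelated sending address, recipients hidden behind Bcc, a greeting addressed to no named person, link text that differs from its real target, and a picture wrapped in a hyperlink). The brand map, indicator names, sample message and *.example hosts are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed brand -> legitimate sending domain map; extend it for your own mail flow.
BRANDS = {"facebook": "facebook.com", "fedex": "fedex.com", "absa": "absa.co.za"}
GENERIC = re.compile(r"\b(dear (customer|user|client|member)|hey babe)\b", re.I)
URLISH = re.compile(r"(https?://|www\.)[^\s<>\"]+", re.I)

# Constructed sample message (not one of the paper's screenshots); *.example hosts are placeholders.
SAMPLE = """\
From: "FedEx Team" <notice@parcel-alerts.example>
To: undisclosed-recipients:;
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, see <a href="http://dl.parcel-alerts.example/r">http://www.fedex.com/receipt</a></p>
<a href="http://dl.parcel-alerts.example/r"><img src="cid:print-receipt"></a>
"""

class LinkCollector(HTMLParser):  # records [href, visible text, has image] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append([href, "", False])
            self.open = True
        elif tag == "img" and self.open:
            self.links[-1][2] = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.open = False

def host(url):
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def triage(raw, recipient):  # returns the sorted indicators found in one raw message
    msg, found = message_from_string(raw), set()
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if any(brand in name.lower() and not ("." + sender).endswith("." + domain)
           for brand, domain in BRANDS.items()):
        found.add("display-name-mismatch")    # brand named, unrelated sending domain
    rcpts = f'{msg.get("To", "")} {msg.get("Cc", "")}'.lower()
    if "undisclosed" in rcpts or recipient.lower() not in rcpts:
        found.add("recipient-not-addressed")  # the reader was reached via Bcc
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    if GENERIC.search(body):
        found.add("generic-greeting")
    parser = LinkCollector()
    parser.feed(body)
    for href, text, has_img in parser.links:
        shown = URLISH.search(text)
        if shown and host(shown.group()) != host(href):
            found.add("link-text-mismatch")   # visible URL differs from the real target
        if has_img and not text.strip():
            found.add("image-only-link")      # picture wrapped in a hyperlink
    return sorted(found)
```

    A message whose From address sits on the real-looking domain, as in the ABSA example, passes the screen-name check, so no single indicator should be read as proof that a mail is genuine.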