Email hacking is illegal access to an email account or to email correspondence. Email on the internet is carried by the Simple Mail Transfer Protocol (SMTP). SMTP itself does not encrypt the text of messages: unless each pair of mail servers along the path negotiates TLS (STARTTLS), or the user applies end-to-end encryption such as PGP or S/MIME, intercepted mail can be read easily. SMTP also does not authenticate the identity of the sender or the addressee; the From header is simply text supplied by whoever submits the message, which creates opportunities for abuse such as spoofing. Receiving servers can check SPF, DKIM and DMARC records to detect forged senders, but only when the sending domain publishes them and the receiver enforces them.
Email Spoofing
Email spoofing is a technique in which the sender address and other parts of the email header are altered so that the message appears to originate from a source other than its actual one. Attackers use it to disguise the actual address from which phishing and spam messages are sent, and often combine it with a spoofed web page to trick users into providing personal and confidential information.
Software is usually used to collect or generate the addresses that are spoofed. An attacker may distribute malware that harvests the contact list on an infected computer; the harvested addresses are sent back to the attacker, who feeds them to a mass-mailing program that sends out bogus messages using the collected addresses.
Alternatively, the attacker may use software that generates random sender addresses to disguise the actual origin of the message being sent.
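Because the From header is unauthenticated text, the practical check is to compare it against what the transport actually recorded: the envelope sender (Return-Path), the Reply-To, and the SPF/DKIM/DMARC verdicts the receiving server writes into Authentication-Results. The following is an added example, not code from the original page; the sample message and its domains are constructed for illustration, and the Authentication-Results header is assumed to have been added by the receiving server in the usual RFC 8601 form.

```python
"""Added example: spot header-level spoofing indicators in a raw RFC 5322 message.

The sample message below is constructed for this example, and the
Authentication-Results header is the one a receiving server would add after
its own SPF/DKIM/DMARC checks. Not code from the original page.
"""
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: the From header claims a bank, but the envelope sender
# (Return-Path) and the receiving server's authentication checks say otherwise.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.5])
        by mx.example.com with ESMTP id abc123
Authentication-Results: mx.example.com;
        spf=fail smtp.mailfrom=mail-relay.example.net;
        dkim=none;
        dmarc=fail header.from=bank.example
From: "Example Bank Security" <security@bank.example>
Reply-To: <helpdesk@bank-example-support.example.net>
To: <victim@example.com>
Subject: Urgent: verify your account
Content-Type: text/plain

Your account will be suspended unless you confirm your details today.
"""


def domain_of(addr):
    """Return the lower-cased domain part of an address like 'Name <user@host>'."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rsplit("@", 1)[-1].lower() if "@" in email_addr else ""


def parse_auth_results(value):
    """Reduce an Authentication-Results header to {method: result}, e.g. {'spf': 'fail'}."""
    results = {}
    for clause in (value or "").split(";")[1:]:  # first clause is the authserv-id
        clause = clause.strip()
        if "=" in clause:
            method, rest = clause.split("=", 1)
            results[method.strip().lower()] = rest.split()[0].lower()
    return results


def spoofing_indicators(raw):
    """Return a list of human-readable reasons this message looks spoofed."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    reply_to_domain = domain_of(msg["Reply-To"])

    # The SMTP envelope sender is what SPF is evaluated against; a mismatch with
    # the visible From header is the classic spoofing fingerprint.
    if return_path_domain and return_path_domain != from_domain:
        reasons.append(f"envelope sender domain {return_path_domain} != From domain {from_domain}")
    # A Reply-To pointing elsewhere steers the victim's answer to the attacker.
    if reply_to_domain and reply_to_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_to_domain} != From domain {from_domain}")

    # Verdicts recorded by the receiving server (only trustworthy if that server
    # strips any Authentication-Results header the sender supplied itself).
    auth = parse_auth_results(msg["Authentication-Results"])
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) in ("fail", "softfail", "none"):
            reasons.append(f"{method}={auth[method]}")
    return reasons


if __name__ == "__main__":
    for reason in spoofing_indicators(SAMPLE_MESSAGE):
        print("suspicious:", reason)
```

A display name that matches the brand while the address does not ("PayPal" <x@random.example>) is the other common variant; the same domain comparison catches it once you also compare the display name against a list of brands you care about.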
Types of email hacking
1. Phishing
2. RATs (remote administration tools)
3. Key logging
4. Social engineering (for example, learning enough about the victim to answer their account-recovery security questions)
5. Sidejacking (session hijacking)
6. From the mail server
1. Phishing
Phishing is an email fraud method in which the attacker sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy web sites. Sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, Best Buy, and America Online. A phishing expedition, like the fishing expedition it is named for, is a speculative venture: the phisher casts the lure hoping to fool at least a few of the prey that encounter the bait.
Techniques used within phishing emails
1. Official-looking and official-sounding emails
2. Copies of legitimate corporate emails with minor URL changes
3. HTML-based email used to disguise the real target of a link (the visible text says one thing, the href points somewhere else)
4. Standard virus/worm attachments to emails
5. Extra content added solely to evade anti-spam detection
6. Crafting of "personalized" or unique email messages
7. Fake postings to popular message boards and mailing lists
8. Use of fake "Mail From:" addresses and open mail relays to disguise the source of the email
[Figure: an example of a fake Gmail home page]
Things to keep in mind to avoid phishing attacks
1. Most fake communications convey a sense of urgency by threatening discontinued service.
2. Many fraudulent emails contain misspellings, incorrect grammar, and poor punctuation.
3. Links within the fake email may appear valid but deliver you to a fraudulent site; hover over a link to see where it really points before clicking.
4. Phishing emails often use generic salutations like "Dear Customer" or "Dear account holder" instead of your name.
5. The address from which the email was sent is often not one belonging to the company it claims to be from.
[Figure: an example of a fake email]
2. RATs (remote administration tools)
RAT is short for Remote Administration Tool (also expanded as Remote Access Trojan). Although the same functionality exists in legitimate remote-support software, the term is mostly used for malicious tools that let an attacker control a PC, steal the victim's data, and delete or edit files. A RAT has two halves: the client the attacker operates, and a "server" payload that must be delivered to the victim, typically as an email attachment, and executed by them. Nothing happens unless the victim runs that file, which is why RAT delivery leans so heavily on phishing.
3. Key logging
Keystroke logging (more often called keylogging; the tools are keyloggers) is the action of tracking, or logging, the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware- and software-based approaches to electromagnetic and acoustic analysis.
Types of keyloggers
1. Software-based keyloggers
2. Hardware-based keyloggers
1. Software-based keyloggers
Software-based keyloggers record every keystroke typed with the help of a program running on the victim's machine, typically one that hooks the operating system's keyboard input. The keystrokes are stored in a log file and later sent to the attacker.
[Figure: an example of a keystroke log file]
2. Hardware-based keyloggers
Hardware-based keyloggers record every keystroke with the help of a physical device, usually inserted between the keyboard and the computer, so no software on the machine can detect them.
[Figure: an example of a typical hardware keylogger]
[Figure: an example of how hardware keyloggers are connected to the system]
Countermeasures
Use of a virtual keyboard or on-screen keyboard can be an effective method to avoid keyloggers, because nothing is typed on the physical keyboard. It does not help under certain circumstances, though: keyloggers that also capture screenshots or mouse clicks, and form-grabbing malware that reads what the browser submits, see the data regardless of how it was entered.
4. Social engineering (for example, learning enough about the victim to answer their account-recovery security questions)
Social engineering is the human side of breaking into a corporate network. Even companies with authentication processes, firewalls, VPNs and network monitoring software are still wide open to an attack if an employee unwittingly gives away key information in an email, by answering questions over the phone from someone they do not know, or by failing to ask the right questions.
Forms of Social Engineering
Social
engineering is not
limited to phone calls; many organizations have reported cases involving
visitors impersonating a telephone repair technician requesting access to a
wiring closet or a new member of the IT department needing help accessing a
file.
People, for
the most part, look at social engineering as an attack on their intelligence and
no one wants to be considered “ignorant” enough to have been a victim. It’s
important to remember that no matter who you are, you are susceptible to a social
engineering attack.
If you
suspect social engineering – don’t be afraid to ask questions
and/or notify your IT department. If a caller requests information that is
technical in nature, please refer them to your IT department.
How to prevent social engineering
Never give out the following in response to an unsolicited call, email or visit:
1. Usernames: administrators already know them or can find them out themselves.
2. Passwords: administrators may ask you to type one into the computer yourself, but never tell it to anyone.
3. ID numbers
4. PIN numbers
5. Server names
6. System information
5. Sidejacking (Session Hijacking)
Session hijacking is an attack in which the attacker exploits a valid web session by gaining access to the client's session identifier. Since HTTP is a stateless protocol, when a user logs into a website a session is created on that web server for that user; this session holds the user's state so that the username and password are not needed at every page request. The server issues a unique session identifier to stand for this session, and the identifier is passed between the web server and the user's browser on every request, usually in a cookie. Session hijacking is the theft of that identifier: the attacker presents it to the server as their own and tricks the server into treating them as that user. "Sidejacking" is the name for the common case where the identifier is captured by sniffing unencrypted traffic, for example on an open wireless network.
After gaining access to a client's session identifier for a website, the attacker injects it into his or her own browser. From then on, whenever the attacker connects to that website, the session identifier matches the authentic user's, so the attacker is logged in as that user and has access to all of that user's information and privileges on the site. Note that attackers do not obtain the user's password through session hijacking; the session ends when the user logs out or the identifier expires, unless the attacker uses the access to change the credentials first.
Countermeasures
1. Use secure connections (HTTPS, i.e. TLS, historically called SSL) as much as possible. TLS creates an encrypted connection between client and server, so an identifier captured in transit is useless to the attacker. However, TLS alone does not fully prevent this attack: if the session cookie lacks the Secure attribute it is still sent in clear text on any plain HTTP request to the same site, if it lacks HttpOnly it can be read by injected script (XSS), and malware on the client sees it regardless, so session hijacking remains possible even on an HTTPS site.
2. Regenerate the user's session identifier often, and always at login and on any change of privilege. Even if the attacker manages to steal or plant an identifier, once it is regenerated the one they hold is useless.
3. Bind the session identifier to the client's IP address and reject requests where they do not match. This has its limitations: legitimate users behind NAT, proxies or mobile networks change addresses during a session, and an attacker on the same network as the victim often shares the victim's public address anyway.
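The three countermeasures above fit in a few dozen lines of server-side session handling. The following is an added example, not code from the original page or from any particular web framework: an in-memory session store stands in for whatever backend a real application uses, identifiers come from the operating system's CSPRNG, the identifier is rotated at login, lookups are bound to the issuing IP, and a cookie builder sets the attributes that keep the identifier off plain HTTP and out of reach of page scripts. The IP addresses in the demo are constructed documentation addresses.

```python
"""Added example: a minimal server-side session store showing identifier
regeneration at login, IP binding and Secure/HttpOnly cookie attributes.
Not code from the original page; the in-memory dict is a stand-in for a real
session backend.
"""
import secrets
import time


class SessionStore:
    """In-memory session store keyed by an unguessable session identifier."""

    def __init__(self, idle_timeout=900):
        self._sessions = {}
        self.idle_timeout = idle_timeout  # seconds of inactivity before expiry

    def create(self, user, client_ip):
        """Start an anonymous (user=None) or authenticated session; return its id."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        self._sessions[sid] = {"user": user, "ip": client_ip, "last_seen": time.time()}
        return sid

    def regenerate(self, old_sid):
        """Rotate the identifier while keeping the session's state.

        The old id is invalidated, so an attacker who planted (session fixation)
        or captured it before this point is left holding a dead token."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def login(self, old_sid, user):
        """Authenticate the session and rotate its id in the same step."""
        new_sid = self.regenerate(old_sid)
        self._sessions[new_sid]["user"] = user
        return new_sid

    def lookup(self, sid, client_ip):
        """Return the session's user, or None if the id is unknown, expired, or
        presented from an IP other than the one it was issued to."""
        data = self._sessions.get(sid)
        if data is None:
            return None
        if time.time() - data["last_seen"] > self.idle_timeout:
            self._sessions.pop(sid)
            return None
        if data["ip"] != client_ip:
            # Limitation noted in the text: users behind NAT, proxies or mobile
            # networks change IPs, so real deployments often log this and
            # re-authenticate rather than hard-fail, or bind to coarser data.
            return None
        data["last_seen"] = time.time()
        return data["user"]

    def destroy(self, sid):
        """Log out: forget the session so the id cannot be replayed."""
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value that keeps the id off plain HTTP and away from scripts."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def demo():
    """Walk through a hijack attempt and show the stolen id being rejected."""
    store = SessionStore()
    # Attacker observes (or plants) the pre-login id, e.g. over open Wi-Fi.
    stolen = store.create(user=None, client_ip="198.51.100.7")
    # Victim logs in; the application rotates the id at that moment.
    fresh = store.login(stolen, "alice")
    attacker_result = store.lookup(stolen, "203.0.113.9")  # None: id was rotated away
    victim_result = store.lookup(fresh, "198.51.100.7")    # "alice"
    ip_check_result = store.lookup(fresh, "203.0.113.9")   # None: IP mismatch
    return attacker_result, victim_result, ip_check_result


if __name__ == "__main__":
    print(demo())
    print(session_cookie("example"))
```

Note what the demo does not cover: if the attacker captures the identifier after login rather than before, only the idle timeout, a later regeneration, or the IP check limits the damage, which is why the cookie attributes and HTTPS everywhere matter as much as rotation.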
6.From the mail server