
Tuesday 24 October 2017

EMAIL ATTACKS | EMAIL SPOOFING | EMAIL BOMBING | EMAIL SPAMMING | ATTACK PREVENTION METHODS


Email Spoofing

Email spoofing is the forgery of an Email header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately.
There are many ways to send fake Emails, even without knowing the password of the Email ID.
The Internet is so vulnerable that anybody's Email ID can be used to send a threatening Email to any official personnel.
Methods to send fake Emails
§  Open Relay Server
§  Web Scripts
Fake Emails: Open Relay Server
§  An Open Mail Relay is an SMTP (Simple Mail Transfer Protocol) server configured in such a way that it allows anyone on the Internet to send Email through it, not just mail destined to or originating from known users.
§  An attacker can connect to the Open Relay Server via Telnet and instruct the server to send the Email.
§  An Open Relay Email Server requires no password to send the Email.
Fake Emails: via web script
§  Web programming languages such as PHP and ASP contain mail sending functions which can be used to send Emails with programmed fake headers, i.e. "From:", "To:", "Subject:".
§  There are many websites on the Internet which already contain these mail sending scripts. Most of them provide the service for free.
§  Some of the free anonymous Email websites are:
§  Mail.Anonymizer.name (Send attachments as well)

PHP Mail sending script
Consequences of fake emails
§  An Email from your Email ID to any Security Agency declaring a Bomb Blast can make you spend the rest of your life behind bars.
§  An Email from you to your Girlfriend or Boyfriend can cause a Break-Up and set your friends to be in a relationship.
§  An Email from your Email ID to your Boss carrying your Resignation Letter or anything else which you can think of.
§  There can be so many cases drafted on Fake Emails.
Proving a fake Email
§  Every Email carries a Header which has information about the travelling path of the Email.
§  Check the Header and get the location from which the Email was sent.
§  Check if the Email was sent from any other Email Server or Website.
§  Headers carry the name of the Website on which the mail sending script was used.
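The header checks listed above, as an added example that is not part of the original post: it reads the relay path from the Received headers, compares the From domain with the Return-Path domain, and reports the X-PHP-Originating-Script header that PHP's mail() adds when mail.add_x_header is enabled. The message, hosts and addresses are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message: every host, address and id here is made up.
SAMPLE = """\
Return-Path: <www-data@webhost.example.net>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
    by mailstore.victim.example with ESMTP id A1; Tue, 24 Oct 2017 10:00:05 +0000
Received: from webhost.example.net (webhost.example.net [198.51.100.23])
    by mx.victim.example with ESMTP id B2; Tue, 24 Oct 2017 10:00:03 +0000
X-PHP-Originating-Script: 1001:sendmail.php
From: "The Boss" <boss@victim.example>
To: employee@victim.example
Subject: Urgent

Please reply today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def analyse(raw):
    """Return the relay path, the first hop and any spoofing indicators."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Each relay prepends its Received header, so reverse to get travel order.
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", str(rcvd), re.S)
        hops.append((m.group(1), m.group(2)) if m else ("?", "?"))
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if from_dom and path_dom and from_dom != path_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    script = msg["X-PHP-Originating-Script"]
    if script:  # names the script (uid:filename) that called mail()
        findings.append(f"X-PHP-Originating-Script: {script}")
    return {"hops": hops, "origin": hops[0] if hops else None, "findings": findings}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(key, "=", value)
```

Only the Received lines added by your own mail servers can be trusted; anything below them was supplied by the sending side and can be forged.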
Email Bombing
§  Email Bombing is sending an Email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact.
Email Spamming
Email Spamming is a variant of Bombing; it refers to sending Email to hundreds or thousands of users (or to lists that expand to that many users). Email spamming can be made worse if recipients reply to the Email, causing all the original addressees to receive the reply. It may also occur innocently, as a result of sending a message to mailing lists and not realizing that the list explodes to thousands of users, or as a result of a responder message (such as vacation(1)) that is set up incorrectly.


Email Password Hacking
§  There is no specific attack available just to hack the password of Email accounts. Also, it is not so easy to compromise an Email server like Yahoo, Gmail, etc.
§  Email Password Hacking can be accomplished via some Client Side Attacks. We try to compromise the user and get the password of the Email account before it reaches the desired Email server.
§  We will cover many attacks as the workshop flows, but at this time we will talk about the very famous 'Phishing attack'.
Securing your Email account
§  Always configure a Secondary Email Address for the recovery purpose.
§  Properly configure the Security Question and Answer in the Email Account.
§  Do Not Open Emails from strangers.
§  Do Not Use anyone else's computer to check your Email.
§  Beware of Phishing Links.
§  Do not reveal your Passwords to your Friends or Mates.
