From Wikipedia, the free encyclopedia - View original article
|This article is an orphan, as no other articles link to it. (August 2012)|
Electronic mail (email) is a widely used communication mechanism that can be categorized into two basic types of web-based service: an open web-based email service and a closed web-based service. The first category provides web-based email accounts to anyone for free or at a fee. The second category provides email accounts that are managed by organizations for employees, students, and members only. Commercial and social websites rely on the security of email accounts. Large amounts of email exchanges are occurring daily, some of which contain personal information, company secrets, and sensitive information. This makes email accounts very valuable and becomes one of the main causes of email hacking.
There are a number of ways in which a hacker can illegally gain access to an email account and majority of them rely on user behavior.
As rules that govern unsolicited emails tighten, spammers attempt to find new ways around them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and email address. Some users may open the spam, read it, and possibly be tempted by whatever wares or schemes are offered. If the spammer were to get a hold of a company’s sending email and IP address, the impact on the company's business would be devastating. The company’s Internet connection would be terminated by its Internet Service Provider(ISP) if its email and IP address are added to the black list of known spamming addresses. Effectively, this would shut down the company’s online business because none of the emails would reach their destination.
Some emails incorporate a virus as a means of transportation. The Sobig virus is an example of such technology, creating a spamming infrastructure by taking over unwilling participants’ PC. This was a major threat to email security as spam will continue to spread and trigger dangerous viruses for malicious intent.
This type of attack uses email messages from legitimate businesses that the user may be associated with. Although the messages look authentic with all the corporate logos and similar format as the official emails, they ask for verification of personal information such as the account number, password, and date of birth. 20% of unsuspecting victims respond to them, which may result in stolen accounts, financial loss, and even worse, identity theft.
Email on the internet is now commonly sent by the Simple Mail Transfer Protocol (SMTP). This does not encrypt the text of emails and so intercepted mail can be read easily unless the user adds their own encryption. The identity of the sender or addressee of an email is not authenticated and this provides opportunities for abuse such as spoofing. It is important to guard all gateways of a network. Having a firewall and anti-virus software is often not enough for a corporate business. Implementing security measures is a necessity such as installing a sniffer as well as an intrusion detection system (IDS) to make sure that nobody is accessing your network without permission and to detect any network intrusion attempts. In order to spot any vulnerabilities in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a mock attack in order to find any gaps in their network security.
Although companies may secure their internal networks, vulnerabilities can also occur through home networking. Email may be protected by methods such as a strong password, encryption of the contents or a digital signature. An email disclaimer may be used to warn unauthorised readers but these are thought to be ineffective. Some times the e mail holder forget to sign out from e mail after using mail from an internet cafe, Then the hackers can take full control of their e mail.
As email has increasingly replaced traditional post for important correspondence, there have been several notable cases in which email has been intercepted by other people for illicit purposes. Email archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climategate. Journalists employed by News International hacked email accounts of celebrities in search of gossip and scandal for their stories. Individuals such as Rowenna Davis have had their accounts taken over and held to ransom by criminals who try to extort payment for their return. The email accounts of politicians such as Sarah Palin have been hacked to try to find embarrassing or incriminating correspondence. On February 8, 2013, the media reported another incident of a compromised email, this time from former United States president George H W Bush. It is reported that the hacker stole photographs and personal emails which included addresses and personal details of several members of the Bush family.