The Threats to Email Security
May 28, 2009
In today’s interconnected and networked world, email has arisen as one of the most critical applications in use by businesses large and small, as well as by individuals for personal use. It has become the primary method of communication between businesses, banks, financial institutions and their customers, as well as an ever-growing internal communication method between managers, employees and customers within the organisation. It is also a primary means of communication among individuals, particularly between friends and families separated by distance.
Driven by its extremely low variable cost, its ease of use and the fact that the SMTP standard has made email interoperable around the globe, email has become the default file transfer mechanism and communication tool among organisations and businesses. In fact, four out of five use email for critical activities like transmitting and accepting proposals, finalizing agreements and transmitting business-critical records of all sorts.
Unfortunately, though, email is also one of the most vulnerable pieces of infrastructure in the networked world. Before the advent of email, scammers had to invest a huge amount of time and money in each potential victim individually, whether by post, fax, telephone or direct contact. Today, however, email allows for anonymity, convenience and the capability to reach thousands of potential victims all at once. Thus only a few people need be tricked in order to make a generous return and have the ruse pay off.
Email can also pose a security risk to companies that send their confidential information via the internet. Most such files would have their data encrypted, yet cyber criminals are always coming up with new ways to capture and access such information. The best protection would be to keep updating such encryption services and to educate staff and employees about the risks involved.
The Threat
There are a variety of tactics used by fraudsters and scammers via email that can lead to breaches of personal security and identity fraud. The scams attempted via email run from old-fashioned bait-and-switch operations to phishing schemes involving the use of false emails, bogus websites and popups that seek to elicit personal and sensitive information, which can then be used to steal your identity. Others will just direct you to a website with malicious programs and scripts which search your computer and gather personal information that can be sent over the web to the scammer. Other scams will try to persuade you to deposit an amount of cash into an account, promising a greater return in the future. To combat these scams, the first step is to understand what they are, what they look like, how they work and what you can do to avoid them altogether.
The aim of such unsolicited emails is to gather your personal information for fraudulent and criminal purposes, such as stealing your identity and running up large purchases and bills, or to conduct criminal activity. Others will use your computer to launch attacks on other unsuspecting people and organisations, thus hiding their identity. This can result in a criminal record, bad debt and a terrible credit rating in the victim’s name, which can take years to clear and settle.
The Scams
Nigerian/419
These scams are usually quite elaborate and often call for an immediate and urgent response. They are usually conducted by con artists who claim to be business people, officials or spouses of members of former government regimes in another country, who have a large sum of money tied up and are requesting your help to recover these funds in return for a share of it. They will ask for a transfer of funds to their account for various fees and will almost certainly delay payments citing various emergencies, which unsurprisingly will require more of your money. They may also produce documents that look official to convince you of their story. In the end, though, there aren’t any profits, and the con artist will cut off all communication and vanish. Some cases have even resulted in people being beaten, subjected to threats and extortion, and even murdered. Most of these scams have been conducted by Nigerian citizens, although numerous neighbouring countries have also been reported. The name originates from the section of the Nigerian Penal Code that addresses this means of fraud, “419”.
Phishing
Phishing emails claim to be from a business or organisation you have dealings with, such as a bank, government agency, an online payment service or an internet service provider. In reality they are carefully crafted fakes that seek to elicit sensitive and private information such as your date of birth, address, bank account and credit card details or your social security number: all the information they need to steal your identity and raid all your accounts. The message will ask you to “update”, “validate” or “confirm” your account information or face dire consequences. Usually it will ask you to click a link included in the email and complete the online form. The link may sometimes lead you to a website that will download a program that logs your keystrokes and sends them back to the scammer.
Check Overpayment Scams
You receive a response to your ad or online auction posting, with an offer to pay with a cashier’s, personal, or corporate check. At the last minute the so-called buyer will come up with a reason to write the check for more than the purchase price, requesting that you wire back the difference after you deposit the check. Typically the check will be a counterfeit, but such checks are usually hard to distinguish and are therefore processed by the bank tellers, increasing the balance in your account. With all seeming right, you wire back the difference, only to find out days later that the check has bounced and you’re left responsible for the whole amount. Thus, not only has the scammer gotten his purchase, he has also received a generous sum for it.
Virus and Trojan Horse Emails
These emails exploit people’s curiosity by promising something of interest in the attachment. Once the attachment is opened, it may download malicious software that can turn your computer into a bot, create a security vulnerability on your computer, monitor your online transactions, allow an attacker to access your files or log your keystrokes so that they can ferret out your passwords. Sometimes it may even download inappropriate content or lead your browser to it of its own accord. These emails sometimes employ the accounts of those you know to send you the malicious software and further distribute the virus. The virus spreads by searching for all the addresses on an infected computer and then sending itself to these addresses, so even a familiar “from” address, such as a friend’s email, does not ensure safety. If in doubt about an email, verify it with your friend before opening any attachments.
Bogus Business Opportunities
These scams are mostly regarded as spam and deleted without consideration, but some prove to be quite convincing and effective. The scams promise the opportunity to make a great deal of money with very little effort. They’re usually full of enticements such as “be your own boss”, “work from home” and “get rich quick”. But they rarely provide any information on the job and responsibilities, and will require you to make a payment for an information scheme. There may also be hidden fees, contributions and purchases you need to make in order to take part in the scheme. Once you’ve made the payment, the promoters usually refuse to pay, claiming your work isn’t up to their standards.
Health and Diet Scams
Emails claiming fast and effective relief of ailments, or medical breakthroughs and cures, sound too good to be true, and they are. These emails prey on the insecurities some people have about their health and well-being, particularly when these people feel embarrassed to talk about their problems with their doctors. The scams lure consumers with the promise of quick fixes or cures with amazing results, discount pricing, fast delivery, discreet packaging and sometimes the backing of customer and doctor testimonials. These products more than likely prove to be duds and have no effect at all.
Quick Tips
Although you can never be 100% sure that you will not be a victim of a scam, fraud or identity theft, you can lower the chances of becoming one by following the simple tips below.
• Never reply to an email or pop-up message that is asking for personal and sensitive information. Legitimate companies will not ask for this information via email. The safest course of action is to contact the company directly, either by a legitimate number from the phone directory or by visiting the official website (do not use the link contained in the email). If you discern it is a fake, send the email to the company concerned, specifying that. (For more information, see the section How To Recognise A Fake Email.)
• Never send your personal information, such as bank and credit card numbers, PINs, social security numbers etc., via email, as email is not a secure connection and can lead to your details being exposed. As a general rule, never give any personal information over the phone, email or any other means without knowing who you are dealing with. If you do need to provide such information, provide only the bare minimum and always ask why the information is needed and how long it will be kept.
• Never click on links or hyperlinks within an email message, nor copy the links into the address bar. Type in the legitimate web address that you know to be correct yourself.
• Treat email attachments with caution, even those that claim to be sent from friends or people you know. If unsure, verify with your friend whether they sent you that particular email and attachment.
• Never reply to unsolicited email to request that you be taken off their mailing list. That just confirms that your email address works and that you exist. Simply delete the email and remove it and any attachments from your computer.
• Don’t trust unsolicited email. If it sounds too good to be true it usually is.
• Install a personal firewall and antivirus software and keep them up to date.
How To Recognise A Fake Email
• Look for loose and poor spelling or grammar that is not characteristic of the company you’re dealing with. Incomplete sentences and missing punctuation are a clear giveaway.
• Be wary of the information requested: a bank or legitimate organisation will not ask for your personal information over email.
• Look for stretched or pixelated logos or marks that seem to be unofficial and fake.
• Google the email reference (from address) to see if it is listed as a scammer’s.
• Check the email reference to see whether it comes from a legitimate company’s address.
• Place your cursor over any links to reveal the real site address.
Either way, you should not respond to any company requesting personal information over email. Use your discretion: if the facts don’t match up, it is most likely a fake email and a fraud.