Email hacking

Lua error in package.lua at line 80: module 'strict' not found.

OPSEC warning military personnel not to use email accounts with weak security.

Email hacking is the illegal access to or manipulation of an email account or email correspondence.^[1][2]

Overview

Email is a widely used communication mechanism that can be categorized into two basic types of web-based service: open and closed. Open web-based services provide email accounts to anyone, either for free or for a fee. Closed web-based services are managed by organizations who provide email accounts only to their members.^[3] Email is used by commercial and social websites because of its security. Email is an increasingly common tool used to communicate. The main reason email accounts are hacked is to access the personal, sensitive, or confidential information that they might contain.

Attacks

There are a number of ways in which a hacker can illegally gain access to an email account, and the majority of them rely on the behaviour of the account's user.

Spam

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Spam is created by attackers who send unsolicited commercial or bulk email. Spammers continuously attempt to find new ways around the increased legislation and policies governing unsolicited emails. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and a hidden or misleading email address.^[4] If the spammers were to gain access to a company’s email and IP address, the impact on the company's business could be devastating. The company’s Internet connection would be terminated by its Internet Service Provider (ISP) if its email and IP address are added to the black list of known spamming addresses. Effectively, this would shut down the company’s online business because none of the emails would reach their destination.

Virus

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

A virus incorporates email as a means of transportation. This type of virus is often called a worm - the Sobig virus is an example. This virus creates a spamming framework by taking over unwilling participants’ PCs.^[4] This is a major threat to email security because the spam will continue to spread, triggering dangerous viruses with malicious intent.

Phishing

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Phishing is a type of attack that involves emails that appear to be from legitimate businesses that the user may be associated with. Phishing messages look authentic, with all the corporate logos and formats similar to that of official emails. These messages ask for verification of personal information, such as: an account number, a password, or a date of birth. Twenty percent of unsuspecting victims respond, which may result in stolen accounts, financial loss, or even identity theft.^[4]

Preventing email hacking

Email on the internet is commonly sent by the Simple Mail Transfer Protocol (SMTP). SMTP does not encrypt the text of emails, so intercepted mail can be read easily unless encryption is used. The identity of the sender or addressee of an email is not authenticated, and this allows opportunities for abuse, such as spoofing.^[5] It is important to guard all gateways of a network. Having a firewall and anti-virus software are adequate for personal use; however, this is often not enough for a corporate business. Security measures such as a sniffer and an intrusion detection system (IDS) determine if someone is accessing the network without permission, detecting any network intrusion attempts. In order to spot any weaknesses in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a simulated attack in order to find any gaps in existing network security.^[6]

Although companies may secure its internal networks, vulnerabilities can also occur through home networking.^[6] Email may be protected by methods, such as, creating a strong password, encrypting its contents, or using a digital signature. An email disclaimer may be used to warn unauthorized readers, but these are thought to be ineffective.^{[by whom?]}

Cases of email hacking

Email is increasingly replacing letter mail for important correspondence, and the increase of email usage has led to several notable cases in which emails were intercepted by other people for illegal purposes. For example, email archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climategate.^[7] Journalists employed by News International hacks email accounts of celebrities in search of gossip and scandal for their stories.^[8] Individuals, such as, Rowenna Davis have had their accounts taken over and held ransom by criminals who tried to extort payment for their returned use.^[9] The email accounts of politicians, such as Sarah Palin have been hacked in order to find embarrassing or incriminating correspondence.^[10] On February 8, 2013, the media reported another incident of compromised email. This time from former United States president, George H.W. Bush. It was reported that the hacker stole photographs and personal emails, including addresses and personal details of several members of the Bush family.^[11]

References

<templatestyles src="Reflist/styles.css" />

1. ↑ Lua error in package.lua at line 80: module 'strict' not found.
2. ↑ Lua error in package.lua at line 80: module 'strict' not found.
3. ↑ Lua error in package.lua at line 80: module 'strict' not found.
4. ↑ ^{4.0 4.1 4.2} Lua error in package.lua at line 80: module 'strict' not found.
5. ↑ Lua error in package.lua at line 80: module 'strict' not found.
6. ↑ ^{6.0 6.1} Lua error in package.lua at line 80: module 'strict' not found.
7. ↑ Lua error in package.lua at line 80: module 'strict' not found.
8. ↑ Lua error in package.lua at line 80: module 'strict' not found.
9. ↑ Lua error in package.lua at line 80: module 'strict' not found.
10. ↑ Lua error in package.lua at line 80: module 'strict' not found.
11. ↑ Lua error in package.lua at line 80: module 'strict' not found.