
1 Analysing Emails Michael Jones

2 Overview
How email works
Types of crimes associated with email
Mitigations
Countermeasures

3 How Email Works
Email uses Simple Mail Transfer Protocol (SMTP)
– Normally linked to port 25
Text-based protocol
– All commands are written in plaintext
No verification or encryption
– Of sender’s credentials
– Of the integrity of the message
For more information
– Search for “smtp tutorial”

4 Mail Forwarding
A mail server might not have direct access to the server that owns the recipient’s account
The mail is then forwarded to another server that might have that information
The details of each server are added to the START of the message
The originating location is thus the last one (in the header)
– Providing no spoofing has gone on
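
An added example, not part of the original presentation: reading the Received lines of a message bottom-up to list the hops from the originating location onward, and marking which hops were recorded by servers the investigator trusts. The sample message, host names, addresses and the TRUSTED set are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (hosts and addresses are documentation placeholders).
# Each relay prepends its own Received line, so the top line is the newest hop.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby mail.example.org with ESMTP id A1; Mon, 3 Mar 2025 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Mon, 3 Mar 2025 10:00:03 +0000
Received: from pc42 (unknown [192.0.2.55])
\tby relay.example.com with SMTP id C3; Mon, 3 Mar 2025 10:00:01 +0000
From: John <john@example.com>
To: Emma <emma@example.org>
Subject: constructed sample

body
"""

# Hypothetical: servers under the recipient organisation's own control.
TRUSTED = {"mail.example.org", "mx.example.net"}

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def trace_hops(raw, trusted=TRUSTED):
    """Return hops oldest-first. 'verified' is True only while every line
    from the top down was written by a trusted server."""
    msg = message_from_string(raw)
    hops, chain_ok = [], True
    for line in msg.get_all("Received", []):   # header order: newest first
        m = HOP.search(line)
        if not m:
            chain_ok = False                   # unparseable line breaks the chain
            continue
        helo, ip, by = m.groups()
        chain_ok = chain_ok and by.lower() in trusted
        hops.append({"from": helo, "ip": ip, "by": by, "verified": chain_ok})
    return hops[::-1]                          # originating hop first

def earliest_verified_ip(hops):
    """Peer address of the oldest hop that a trusted server recorded."""
    for hop in hops:
        if hop["verified"]:
            return hop["ip"]
    return None

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop)
```

The bottom hop is only what an untrusted relay claimed; the address returned by earliest_verified_ip is the furthest point back that the recipient's own servers actually observed.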

5 Email-related Crime
Email spoofing
Sending malicious code through email
Email bombing
Sending threatening emails
Defamatory emails
Email frauds
For more information:
– Search for “email-related crime” or “email crime”

6 Email Spoofing
Techniques
– Suggesting the email comes from someone other than the actual sender
– Typing incorrect sender details
Example crime: spamming
– Most email on the Internet is spam
– Spamming is not a criminal offence
– Compromised or rogue servers used to mask the original location from which the emails were sent
– Most spam is motivated by money
  E.g., getting people to buy drugs
– Almost all companies now employ spam filtering software

7 Sending Malicious Code via Email
Code included in an attachment
A user opening the attachment is interpreted by the software as implying that the user trusts the contents of the attachment
Example: I Love You
More sophisticated emails might suggest that the attachment is a security patch that must be applied
– E.g., sender spoofs the email as being from a trusted security company

8 Email Bombing
Swamping someone’s email account
Direct technique
– Sending lots of emails, often with attachments
– Fairly easily detected
Indirect technique
– Subscribe the user to many mailing lists
– Difficult to prevent, and time-consuming to counteract

9 Sending Threatening Emails
Example of cyber bullying
– Prevalent in many schools (but methods are often linked to chat and SMS)
Intentions:
– Blackmail (e.g., by attaching or including apparently incriminating images or facts)
  E.g., for money or information
– Social exclusion – by children

10 Defamatory Emails
Defamatory = words intended to harm another
Sent either to the person or to someone else
Example:
– Bill sends an email to Emma suggesting it comes from John. The email contains malicious information about Julie. Julie is being defamed, and the implication is that John is the perpetrator

11 Email Frauds
Phishing
– User is tricked into not only revealing their bank details, but into allowing the attacker to take money from their account
How it works
– Depends on the delays in the banking clearing system
– Attacker appears to deposit a large amount of money in the victim’s account
– Victim allows the attacker to take ‘commission’ for the transaction
– A few days later, the bank clearing system catches up and finds that the deposit was fraudulent
– The only valid transaction is the one FROM the victim’s account

12 Mitigations
Mitigation – counteracting something that has already occurred
Email mitigation is difficult
– Direct bombing can be detected and countered
– Attachments can be quarantined

13 Countermeasures
Techniques
Spam detection and filtering
– User education
  E.g., do not open attachments you do not trust
– Hiding email addresses
  E.g., not placing them directly on a web page
– Hiding them using JavaScript
– JavaScript puts the email together from various fragments
Spam software ‘harvests’ email addresses by scanning web pages

14 Summary
Most malicious email activity is relatively harmless at the company or country level
But not at the individual level
Users need to see email as indicative, not definitive

