Email hacking
- 1. Email Hacking Email Client Security
- 2. Look forward to... • Introduction • What is an E-mail? • Working of an E-mail • Hacking through E-mail • Fake E-mail Generation • Measures to follow
- 3. Introduction • Hackers don't always aim an IT giant but also the tiny blocks in the IT environment that is YOU. • Only way to defend the organisation is to secure your email. • Next you will see what is an e- mail and some of the ways through the hackers try to jeopordize you and your organisation.
- 4. What is an E-mail? • Electronic mail, commonly called e-mail, is a method of exchanging digital messages across the Internet or other computer networks. • An email message consists of two components, the message header and the message body, which is the email's content
- 5. How does an E-mail work?
- 6. Malware • Sometimes attacks come with malicious links or attachments. • They may contain: VIRUS WORM TROJAN SPYWARE
- 7. Spam- PHISHING • Unwanted bulk commercial messages in your inbox. PHISHING • The attempt to trick individual into responding to the email, opening files or disclosing sensitive information. SPEAR-PHISHING Specialized phishing attack targetting a speific individual or group.
- 8. Social Engineering • In Social engineering attacks one method is to spoof the identity of the user by masqurading as a trusted user in attempt to get the access.
- 9. Unintentional Acts • Authorized users may sometimes send sensitive data inadvertently. • Using personal account is a threat.
- 10. Fake E-mail Generation • The attacker can send email to victim by online fake mailers such as emkei.com. • There is wide range of fake mailers, here for our tutorial we go with the emkei fake mailer.
- 11. How t o protect from common threats • Avoid using personal accounts for transmitting company data. • Never send sensitive data such as usernames and password in response to any email. • Never forget to log off while using public devices
- 12. Continued... • Avoiding using “BCc” and use “Cc”. • Be cautious while using “Reply All” button. • Be careful while forwading emails.
- 13. Continued... • Deleted emails are not deleted permantently. • Never click on suspicious links • Avoid opening suspicious attachments. • Delete suspicious email before opening.
- 14. Continued... • Recognize Phishing emails. • Do not Unsubscribe to any email if not sure you subscribed to. • Your friend's email may be compromised.
- 15. Identify fake email • Fake emails or fake mails are those emails which pretend to come from a specific email address but are sent from some fake email senders. • e.g. Sender's name: Mark Zuckerberg Sender's email: mark@facebook.com
- 16. Continued... 1. Click on the down arrow on the right of the “me” You will see something like this.
- 17. Continued... • Here you will see some details about the email. If the email comes from a trusted source, you will be able to see two more fields, Mailed By and Signed By. • This method can be applied only for the emails coming from big companies like Google, Facebook, LinkedIn, Twitter and other companies.
- 18. Continued... • For small companies who use their dedicated servers something more needs to be done. • See the header of the email. • To see the header of an email, click on down arrow at the right side of the reply icon and click on show original.
- 19. Continued... • This is header information. • Search for Received: from in this page. • See the domain there. • Now see the website emkei.cz and you will know that the domain belongs to a fake mail sender website.
- 20. Continued... • See authenication results in the header information. • Check SPF, DKIM, DMARC status. The status must show PASS.
- 21. Conclusion