Email

Information Security Professiona
Wow! Has it really been three months since I've posted here? Distractions ...

I was talking about email, at a very high level. This is about specifics.

The same technobabble which applies to the Internet applies to email. When I send a message, it is broken down into packets and sent through a series of nodes until it reaches its final destination, where it is reassembled. Unless my email system took steps to encrypt it, those packets are sent in clear, readable form, and can be viewed by anyone. Even worse, they could be copied by anyone. Even even worse (in my business, there is always more “worse”), they could be altered by a smart but mischievous person. Imagine sending an email to your clients and having some prankster insert some comment like “I love you” (on a 1-to-10 scale of bad, perhaps a 2), add a horribly derogatory epithet (a 7 or 8), or sever the business relationship entirely (which the previous might have taken care of anyway).

Of course, anything that is really cool is fraught with peril, and email is no exception. For centuries, “snake oil” salesmen traveled from town to town, peddling their guaranteed miracle cures, and moving on before the local gentry were able to discern the truth. Then con artists developed door-to-door scams, until everyone got so busy that there was no one home to open the door. And, of course, the U.S. government perpetuated the biggest scam in history when it faked the moon landings. (Not! But, amazingly, some people actually do believe they were faked.) Hollywood even romanticizes the phenomenon of scam artists in movies such as The Sting, Dirty Rotten Scoundrels, and Ocean’s 11. Sorry, but I'm not as familiar with the titles that Bollywood offers.

But in these movie examples, the criminals had to put in face time, which put them at risk of being later identified, arrested, and tarred-and-feathered. The Internet has added a layer of anonymity to the game. It allows them to do their dirty deeds without revealing their identity, whether by covering their tracks or simply by operating in countries which are not all that interested in pursuing them even if their identity is known.

And, just as IP addresses can be spoofed, making it appear as though web traffic is originating from another location, email addresses can be fabricated as well. By now most people have received spam email that appeared to originate from themselves. Many spammers—especially those who are trying to trick people into downloading malware—will co-opt your good name and send a message to your friends as well, hoping their recognition of the sender will make them let down their guard.

SCRAPPY TIP: If you get an email from a familiar source—such as your mother or your insurance agent, or even yourself—with an inappropriate subject line like “Naked picture of…,” think twice before opening it.
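To make the point about fabricated sender addresses concrete, here is an added example in Python (not part of the original post) that compares the visible From: address with the envelope sender and with the receiving server's Authentication-Results header. The two sample messages, the warning labels and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); example.* are reserved names.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: Alice <alice@example.org>
To: alice@example.org
Subject: Naked picture of...

(body)
"""
LEGIT = """\
Return-Path: <mom@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Mom <mom@example.com>
To: alice@example.org
Subject: Sunday dinner

(body)
"""

def address(value):
    return parseaddr(value or "")[1].lower()

def domain(value):
    return address(value).rpartition("@")[2]

def auth_results(msg):
    """Collect method -> result (e.g. dmarc -> fail) from Authentication-Results.
    Assumption: the header was added by your own receiving server; a copy that
    arrived inside the message from outside proves nothing."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the server's own id
            tokens = clause.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results

def sender_warnings(raw):
    msg = message_from_string(raw)
    warnings = []
    # The visible From: is free text; the envelope sender is a separate value.
    if domain(msg["Return-Path"]) != domain(msg["From"]):
        warnings.append("envelope-mismatch")  # a hint only: mailing lists do this too
    if auth_results(msg).get("dmarc") != "pass":
        warnings.append("dmarc-not-pass")
    if warnings and address(msg["From"]) == address(msg["To"]):
        warnings.append("claims-to-be-recipient")
    return warnings
```

An empty list means none of these three checks fired; it does not by itself prove the message is genuine.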

Next time: Why do I get bounceback messages for emails I know I didn't send?
