Ummed Meel

Email Frauds & Crime Safety

Publish Date: 30 Aug 2018 | Author: Ummed Meel (Cyber Expert)

Electronic mail is a method for exchanging messages between people using electronic devices. Some guy with the bad intension can misuse this technology to cheat innocent people. Email fraudster can cheat people by sending email from spoofed, hacked or fake email account. Email account of the victim can be compromised by using several hacking tools or social engineering techniques

How attacker/Hacker can get access of your email account:

1. Phishing Attack:

Free or Discount Offer: Attacker can send you a phishing page to login your email account that seems very similar as original site but actually that is a fake website. To grab your mind, attacker can propose some free or discounted trip package, shopping, banking and lottery offers

Password Update: Attacker can send you a password update reminder with a fake link (looking similar as original)

Security Audit: Nowadays attacker can send you an alert mail that someone tried to gain access of your account anonymously. In the mail body attacker also mentioning that please visit the below mentioned link (malicious) if you want to secure your account from unauthorised access

2. Malware Attacks:

Email Attachment: Sending you unsolicited/spam mails that contains attachment with malware (Virus/Worm/Spyware) infected files, attacker can hack your email account. Once such attachments are downloaded and opened by user than malware will automatically get installed and start uploading important information to the attacker’s server

Promotional Email: Sometime attacker designs a HTML email template to gain trust of victim. Attacker can also add a malware that can download and install automatically with hover effect only

3. Weak Password:

Password Guessing: Attacker can guess your mail account’s password if you use simple or default passwords like as phone number or 12345 etc

4. Social Engineering:

OTP Share: If victim is using 2FA (Two Factor Authentication) for security than attacker can also ask OTP using social engineering techniques

Types of email fraud:

Email Spoofing: Sender email address is looks original but not actually. These emails are originated from different account but spoofed with a genuine email address

Hacked Email: Email frauds can also be performed by sending email from hacked email account

Fake Mail: Attacker can also create a fake email acount and send email that is almost similar to the original. (eg: admin@toogel.com can be admin@t00gle.com)

How attacker can misuse your account:

1. Using access of your email account attacker can also gain access of your social media, banking and e-wallet accounts etc

2. Attacker can send unsolicited mail to your contacts and ask for money by showing that you are in emergency like as lost your passport in foreign country, Need Indian currency at airport and Got accident by car etc

3. Hacker can also send emails to your clients or customer to ask for pending or advance payment in a different bank account

4. Can send offensive messages to your friends and family members. Attacker can also ask ransom to stop sending such offensive messages

5. Attacker can also blackmail you behalf of your critical or private information that you have drafted in your email

Preventive Measures/Precautions:

1. 2FA (Two Factor Authentication): Two factor authentications makes user more secure because after enter username and password, email service provider will send a OTP (One Time Password) via text or call to verify the user. One Time Password is a temporary and valid for a very short duration after that user need a fresh OTP

2. SPAM: Do not open emails sent from unknown sender and spam folder

3. Password: Keep your email password complex by including special character, number and alphabets. User should also keep changing after a regular interval

4. Links: Do not click or visit attractive links received on social media to login your email account because it can be a malware or phishing attack

5. Unsolicited email: Do not download any attachment from unsolicited mail because hackers can send you a malicious file that may compromise your email account or complete machine

6. Store Password: Do not store your password on devices because someone who can access your device physically or remotely can steal your credentials

7. Social Media: Do not use your business email to create social media

8. Device: Do not keep your laptop or mobile unattended even for a single minute

---