Investigating E-Mail Attacks MODULE 10

Contents

10.1 Learning Objectives
10.2 Electronic Mail (E-mail)
  10.2.1 E-mail Message Components
    Figure 1: E-mail Message Components
    10.2.1.1 Header
    10.2.1.2 Message Body
  10.2.2 Components of an E-mail System
    10.2.2.1 User Agent (UA)
    10.2.2.2 Message Transfer Agent (MTA)
    10.2.2.3 Message Access Agent (MAA)
    10.2.2.4 Spool
    10.2.2.5 Mailbox
10.3 Architecture of E-mail
10.4 Protocols used in email systems
  10.4.1 SMTP
    Figure 3: positions of SMTP, POP3 and IMAP protocols
  10.4.2 POP3
  10.4.3 IMAP
10.5 Differences between POP3 and IMAP
10.6 Working of E-mail
10.7 Types of E-mail
  10.7.1 Advantages of e-mail
  10.7.2 Disadvantages of Email
10.8 E-mail Attack
  10.8.1 Spam
  10.8.2 Phishing Attacks
  10.8.3 Spear phishing
  10.8.4 Whaling Email Attack
  10.8.5 Virus
  10.8.6 Pharming
  10.8.7 Ransomware
  10.8.8 Spyware
  10.8.9 Business Email Compromise (BEC) Attacks
  10.8.10 Account Take Over (ATO) Attack
10.9 E-mail Security
  10.9.1 Organization Email Security Best Practices
  10.9.2 Individual User Email Security Best Practices
10.10 Email attacks and crimes
  10.10.1 Flaming
  10.10.2 Email spoofing
  10.10.3 Email bombing
  10.10.4 Email hacking
  10.10.5 Spams
  10.10.6 Phishing
  10.10.7 Email fraud
  10.10.8 Phishing emails
10.11 Privacy in emails
  10.11.1 Email privacy
  10.11.2 Email tracking
10.12 Email forensics
  10.12.1 Forensically important email parts
  10.12.2 Email forensics investigation
  10.12.3 Analyzing an email
  10.12.4 Instant Messages
10.13 Email forensic tools
  10.13.1 eMailTrackerPro
  10.13.2 Online EMailTracer
10.14 Summary
10.15 Check Your Progress
10.16 Model Questions
10.17 Further Readings
References, Article Source & Contributors

10.1 LEARNING OBJECTIVES

After the completion of this unit the learner shall be able to:

• Explain emailing and email services.
• Correlate the structure of email to extract forensic information.
• Categorize email attacks and crimes.
• Use a few email forensic tools.

10.2 ELECTRONIC MAIL (E-MAIL)

E-mail refers to the transmission of messages through the Internet. It is one of the most commonly used technologies on communication networks, and a message may include text, images, audio, video and/or other attachments. In general, e-mail systems are based on a store-and-forward model and can send a message to one or more recipients. Neither the users nor their computers are required to be online at the same time; they need to connect, typically to an e-mail server or a webmail interface, to send, receive or download messages. E-mail servers are capable of accepting, transferring, delivering and storing messages. Some free e-mail service providers are AOL, Gmail, Microsoft Outlook, ProtonMail, Rediffmail, Yahoo Mail, Zoho and so on.

10.2.1 E-mail Message Components

An e-mail contains delivery information along with content. It complies with certain standards set by the Internet Engineering Task Force (IETF) [https://www.ietf.org/], so that e-mail can be processed by the various computer systems. An email message consists of two main sections: the header and the body, as shown in the figure below.
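The header/body structure and the store-and-forward model described above can be seen directly in a raw message. The following is an added example, not part of the original module: it splits a constructed message into its two sections and rebuilds the relay route from the Received trace fields that the IETF mail standards (RFC 5321/5322) have each server prepend. The sample message, its hosts and addresses, and the function names split_message, word_after and relay_path are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample (hosts and addresses are placeholders, not from the module).
RAW = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\r\n"
    "\tby mail.example.org with ESMTP id B2; Tue, 02 Jan 2024 10:00:05 +0000\r\n"
    "Received: from pc1.example.com (pc1.example.com [198.51.100.23])\r\n"
    "\tby mx.example.net with ESMTP id A1; Tue, 02 Jan 2024 10:00:01 +0000\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: Bob <bob@example.org>\r\n"
    "Subject: Quarterly report\r\n"
    "Message-ID: <constructed-1@example.com>\r\n"
    "\r\n"
    "Hi Bob,\r\n"
    "The report is attached.\r\n"
)

def split_message(raw):
    """Return (header_section, body); the first empty line separates them."""
    parts = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def word_after(words, keyword):
    """Token following `keyword` in a Received field, or None if absent."""
    return words[words.index(keyword) + 1] if keyword in words[:-1] else None

def relay_path(raw):
    """List (sending_host, receiving_host) per hop, oldest hop first.

    Every server that stores and forwards the message prepends its own
    Received field, so the fields are read bottom-up to follow the route.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        words = value.split()  # also collapses folded (continued) lines
        hops.append((word_after(words, "from"), word_after(words, "by")))
    return hops

if __name__ == "__main__":
    header, body = split_message(RAW)
    print(len(header.splitlines()), "header lines;", len(body.splitlines()), "body lines")
    for sender, receiver in relay_path(RAW):
        print(sender, "->", receiver)
```

When examining a real message, only the Received fields added by servers the investigator trusts are reliable; anything below them was supplied by the sending side and can be forged.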
