Security Flaws in Email
Email has been one of the main methods people use to communicate with a computer system -- whether on a desktop or a phone. It can be used to send anything from a short message to multiple file attachments. Because of its convenience and popularity, email has also become a favorite method for hackers to attack computer systems. Here are some common email security flaws exploited by spammers and hackers.
Unverified Sender
A major flaw of all email messages is that the sender's name and email address cannot be verified from the message itself. The sender information displayed is simply whatever the creator of the email puts in the "From:" header of the message; the servers that relay the message do not check it against the account that actually sent it. A fake email like the one shown below is easy to create.
Some spammers might put "George" as the sender with the intention of tricking you into opening the email; you could mistake it for a message from someone you know by that name. Other spammers or hackers might use the name of a popular bank as the sender so that you are tricked into clicking a link in the email. The link might lead to a download that infects your computer or phone, or to a fake login screen used to steal your password.
Internet email standards published in recent years address this problem. SPF lets a domain publish which servers may send mail for it, DKIM lets the sending server digitally sign messages so that their origin and integrity can be checked, and DMARC ties both checks to the domain in the "From:" header and tells receivers what to do when they fail. Unfortunately these are not yet universally deployed, and most email viewers do not show you the result, so a familiar-looking sender still cannot be trusted unless your mail server has performed these checks.
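The following is an added example, not code from the original page: it builds a message with a forged "From:" header to show that nothing in the message format prevents it, then checks, the way DMARC does, whether the SPF or DKIM result recorded by the receiving server in an Authentication-Results header actually belongs to the "From:" domain. All domains, addresses and header values are constructed for illustration, and the alignment rule is a simplification of the real one (DMARC compares organizational domains using the public suffix list).

```python
"""Added example (not from the original page): the From: header is text the
sender chooses, so only the checks the receiving server records are worth
trusting. Domains, addresses and header values are constructed."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr


def _parse(raw: bytes):
    return BytesParser(policy=policy.default).parsebytes(raw)


def build_spoofed_message() -> bytes:
    """Nothing stops a sender from claiming any name or address: From: is
    an ordinary header line that the sender fills in."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "George <george@bigbank.example>"   # hypothetical bank
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Please review your account"
    msg.set_content("Open http://login-bigbank.example/ to continue.")
    return msg.as_bytes()


def from_domain(raw: bytes) -> str:
    """Domain part of the From: address, the thing DMARC wants aligned."""
    msg = _parse(raw)
    if msg["From"] is None:
        return ""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


# Result tokens as they appear in an Authentication-Results header
# (RFC 8601), e.g. "dkim=pass header.d=bigbank.example".
_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
_DKIM_D = re.compile(r"header\.d=([A-Za-z0-9.-]+)", re.I)
_SPF_FROM = re.compile(r"smtp\.mailfrom=(?:[^@\s;]*@)?([A-Za-z0-9.-]+)", re.I)


def _aligned(from_dom: str, auth_dom: str) -> bool:
    """Relaxed alignment: same domain, or one is a subdomain of the other.
    Simplification: real DMARC compares organizational domains."""
    a, b = from_dom.lower(), auth_dom.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def sender_is_authenticated(raw: bytes) -> bool:
    """True only if the receiving server recorded a DKIM or SPF pass for a
    domain aligned with From:. A message with no such record, like the
    spoofed one above, is unverified."""
    msg = _parse(raw)
    fd = from_domain(raw)
    for hdr in msg.get_all("Authentication-Results", []):
        text = str(hdr)
        results = {m.group(1).lower(): m.group(2).lower()
                   for m in _RESULT.finditer(text)}
        if results.get("dkim") == "pass":
            m = _DKIM_D.search(text)
            if m and _aligned(fd, m.group(1)):
                return True
        if results.get("spf") == "pass":
            m = _SPF_FROM.search(text)
            if m and _aligned(fd, m.group(1)):
                return True
    return False


# Constructed examples of what a receiving server might prepend. In the
# second one the attacker's own domain passes SPF and DKIM, but it is not
# the domain shown in From:, so alignment fails.
GENUINE = (b"Authentication-Results: mx.example.net;\r\n"
           b" spf=pass smtp.mailfrom=bounce@bigbank.example;\r\n"
           b" dkim=pass header.d=bigbank.example\r\n"
           b"From: George <george@bigbank.example>\r\n"
           b"To: victim@example.net\r\n\r\nHello\r\n")

SPOOFED = (b"Authentication-Results: mx.example.net;\r\n"
           b" spf=pass smtp.mailfrom=bounce@evil.example;\r\n"
           b" dkim=pass header.d=evil.example\r\n"
           b"From: George <george@bigbank.example>\r\n"
           b"To: victim@example.net\r\n\r\nHello\r\n")
```

One caveat that matters in practice: an Authentication-Results header is itself just a header, so a receiving server must delete any existing ones that claim to be from its own hostname before adding its own; otherwise the sender can forge a "pass". Client-side checks like the one above are only meaningful for headers added by a server you trust.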
Images in Email
In the early days of the Internet, the email standard allowed message content containing only plain text in the US-ASCII character set. The standard was later extended (the MIME standard) to allow the character sets of other languages and to define how images and other attachments can be included in the message content. This enabled email messages to have a visually appealing layout with graphical images. An image can be embedded in the data content of the email or can be a reference to a remote file on a server. A remote reference is a URL pointing at a web server from which the email viewer retrieves the image, exactly as a web browser does when opening a URL on the Internet.
Fetching an image URL from an email is a loophole that gives away some of your privacy to whoever controls that server. The URL is often unique to each recipient, so the server can tie every fetch to your address.
- It reveals if and when you opened the email, each time you open it.
- It reveals your IP address each time you open the email.
Most email viewers can be set to block remote images until you choose to load them; that is the simplest defence.
URL Links
Almost all email viewers detect a URL in an email and open a web browser to access it when you click or tap on the link. This is unfortunately a major way for malicious code to get onto your system. Often the URL is sent in a message with a fake sender name or address, which tricks the reader into trusting the email, letting his or her guard down, and opening the link. From there a web page might ask the reader to download a file carrying malware. The web page might also show a fake login screen and steal your password.
Be mindful that the text displayed for a link can differ from the URL actually opened when it is clicked. For example, the displayed text might read http://www.example.com, a familiar and trusted address, while the underlying link takes you to a fake web page. Hovering over the link on a desktop, or long-pressing it on a phone, usually shows the real destination before you open it.
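The following is an added example, not code from the original page, covering both the remote-image and the misleading-link problems described above. It parses the HTML part of a message and reports two things: image sources that would be fetched from a remote server (as opposed to images embedded in the message via cid: references), and links whose visible text is itself a URL naming a different site than the one the link really opens. The message, its URLs and domain names are constructed for illustration.

```python
"""Added example (not from the original page): find remote-image tracking
and display/target URL mismatches in an HTML email. Message constructed."""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse


def _host(s: str) -> str:
    """Hostname of a URL; bare 'www.example.com' text is treated as http."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def _looks_like_url(text: str) -> bool:
    """Only link text that itself reads as an address is compared; text such
    as 'click here' tells the reader nothing to be misled by."""
    return text.lower().startswith(("http://", "https://", "www."))


class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images = []   # URLs the viewer would fetch when rendering
        self.suspect_links = []   # (displayed text, real href) pairs
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            # cid: points at a part embedded in the message itself; http(s)
            # and protocol-relative sources are fetched from a server.
            if src.startswith(("http://", "https://", "//")):
                self.remote_images.append(src)
        elif tag == "a" and a.get("href"):
            self._href = a["href"]
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            if _looks_like_url(shown) and _host(shown) != _host(self._href):
                self.suspect_links.append((shown, self._href))
            self._href = None


def scan_message(raw: bytes):
    """Return (remote image URLs, suspect links) for the HTML body, if any."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return [], []
    s = _Scanner()
    s.feed(part.get_content())
    s.close()
    return s.remote_images, s.suspect_links


# Constructed message: one embedded logo (cid:), one 1x1 tracking pixel,
# one link whose text names the bank but whose target does not, and one
# honest link. The cid: part itself is omitted; the scanner only needs the src.
SAMPLE = (
    b"From: George <george@bigbank.example>\r\n"
    b"To: victim@example.net\r\n"
    b"Subject: Please review your account\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body><p>Hello George,</p>"
    b"<img src=\"cid:logo\" alt=\"logo\">"
    b"<img src=\"http://track.example/open.gif?id=8d1f\" width=\"1\" height=\"1\">"
    b"<p>Please sign in at "
    b"<a href=\"http://login-bigbank.example/\">http://www.bigbank.example</a></p>"
    b"<p><a href=\"http://www.bigbank.example/help\">http://www.bigbank.example/help</a></p>"
    b"</body></html>\r\n"
)
```

Calling scan_message(SAMPLE) reports the tracking pixel as the only remote image and the first link as suspect, because its visible text names www.bigbank.example while the href goes to login-bigbank.example. Comparing hostnames rather than full URLs keeps harmless differences in path or query string from being flagged.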
File Attachments
File attachments are the most obvious way malware can penetrate a computer system. Opening an attachment can cause malicious code to run -- either as a script within the application that opens the attachment or as a standalone executable.
Care should be taken to ensure the attachment can be opened view-only, without executing any code. Plain text files and image files (JPEG/GIF/PNG etc.) carry no code of their own and are generally safe, although bugs in image decoders have been exploited in the past, so keep the viewing software updated. Spreadsheets, word processing documents and similar files can cause macro scripts to run within the associated application, and executables and scripts (.exe, .js, .vbs, .bat and the like) run directly. Check the real file type rather than the displayed name: Windows hides known extensions by default, so a file named invoice.pdf.exe is shown as invoice.pdf.
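The following is an added example, not code from the original page: a small triage pass over a message's attachments that applies the checks above before anything opens them. It flags extensions that carry executable code or macros, names that hide an executable behind a harmless-looking extension, and files whose declared type does not match the first bytes of their content. The message, its attachments and their contents are constructed; the extension lists and magic numbers are illustrative and deliberately short, a real scanner would use a full signature database such as libmagic.

```python
"""Added example (not from the original page): attachment triage by
extension, double extension and content sniffing. Message constructed."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Illustrative, not exhaustive.
EXECUTABLE_EXT = {"exe", "dll", "scr", "com", "bat", "cmd", "ps1", "js",
                  "jse", "vbs", "wsf", "hta", "msi", "jar"}
MACRO_EXT = {"docm", "dotm", "xlsm", "xltm", "pptm", "xlam"}   # OOXML, macro-enabled
LEGACY_OFFICE = {"doc", "dot", "xls", "xlt", "ppt"}           # binary formats may hold macros

# First bytes of a few formats. PE executables start with "MZ"; OOXML
# documents (docx, xlsm, ...) and jar files are zip containers.
MAGIC = {
    b"MZ": "application/x-msdownload",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF8": "image/gif",
    b"%PDF": "application/pdf",
    b"PK\x03\x04": "application/zip",
}


def sniff(data: bytes):
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def triage_attachment(filename: str, declared_type: str, data: bytes) -> list:
    """Reasons not to open this attachment casually; empty means none found."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable type .{ext}")
    elif ext in MACRO_EXT:
        reasons.append(f"macro-enabled document .{ext}")
    elif ext in LEGACY_OFFICE:
        reasons.append(f"legacy Office format .{ext} can contain macros")
    # "invoice.pdf.exe": a harmless-looking extension before the real one
    if len(parts) > 2 and ext in EXECUTABLE_EXT:
        reasons.append("double extension")
    sniffed = sniff(data)
    if sniffed == "application/x-msdownload" and ext not in EXECUTABLE_EXT:
        reasons.append("content is a Windows executable despite its name")
    # Zip is skipped here because many legitimate document types are zips.
    if sniffed and sniffed != "application/zip" and \
            declared_type.lower() not in (sniffed, "application/octet-stream"):
        reasons.append(f"declared {declared_type} but content looks like {sniffed}")
    return reasons


def triage_message(raw: bytes) -> dict:
    """Map each attachment's filename to its list of reasons."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        report[name] = triage_attachment(name, part.get_content_type(), data)
    return report


def build_sample_message() -> bytes:
    """Constructed message with four attachments of varying honesty."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "sender@example.org"
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 12       # PE header start, constructed
    zip_stub = b"PK\x03\x04" + b"\x00" * 12      # zip local file header, constructed
    msg.add_attachment("just text", subtype="plain", filename="notes.txt")
    msg.add_attachment(pe_stub, maintype="image", subtype="png",
                       filename="photo.png")           # executable posing as image
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")     # double extension
    msg.add_attachment(zip_stub, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="report.docm")         # macro-enabled Word file
    return msg.as_bytes()
```

Run on the constructed message, notes.txt comes back clean, photo.png is flagged both for executable content and for the content-type mismatch, invoice.pdf.exe for its extension and the double extension, and report.docm as macro-enabled. Sniffing the content is what catches the renamed executable; the filename alone would have passed it.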