Hacking Email Accounts

Anatomy of a Phishing Email

Hacking Email Accounts Internet Security Whitepapers

This paper discusses the tricks employed by email scammers in "phishing" emails, which are emails that spoof a reputable company in an attempt to defraud the recipient of personal information. These tricks are classified according to whether they are employed in the fraudulent emails or used in the fraudulent Web pages accessed by a link provided in the email. All of the examples used within the paper were taken from fraudulent emails forwarded to MailFrontier, Inc., from its customers.

Email Virus Propagation Modeling and Analysis

Hacking Email Accounts Internet Security Whitepapers

Email viruses constitute one of the major Internet security problems. In this paper we present an email virus model that accounts for the behaviors of email users, such as email checking frequency and the probability of opening an email attachment. Email viruses spread over a logical network defined by email address books. The topology of email network plays an important role in determining the behavior of an email virus spreading. Our observations suggest that the node degrees in an email network are heavy-tailed distributed and we model it as a power law network. We compare email virus propagation on three topologies: power law, small world and random graph topologies. The impact of the power law topology on the spread of email viruses is mixed: email viruses spread more quickly than on a small world or a random graph topology but immunization defense against viruses is more effective on a power law topology.

The Danger of Email Exploits

Hacking Email Accounts Internet Security Whitepapers

This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non signature-based approach (i.e., not a virus engine) is needed to protect against email exploits. Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent anti-virus software and disseminate their viruses. A case in point was the notorious Nimda virus that used multiple methods to spread itself and was based on an exploit rather than on the virus/Trojan behavior that anti-virus products typically search for. Anti-virus software, though essential, cannot combat such threats alone; an email exploit detection tool is also necessary.

The Evolution of Email Security: Symantec Brightmail Integrated Email Security Appliance

Hacking Email Accounts Internet Security Whitepapers

Email security is increasingly moving away from a focus on a single type of protection, such as antivirus, toward a focus on broad protection from a wide range of emerging threats to enterprise security. While antivirus software remains the foundation of email security, emerging threats are forcing organizations to approach email security with a more comprehensive solution. Corporate concerns about spam, viruses, worms, legal liability, regulatory compliance, and employee productivity are driving the need for a more complete solution. Moreover, there is an increasing need for integration between individual security technologies in order to reduce the cost and time associated with managing point products.

Yahoo!'s Sign-in Seal and Current Anti-Phishing Solutions

Hacking Email Accounts Internet Security Whitepapers

Yahoo! Sign-in Seal is a feature that allows users to personalize a sign-in page with an image of their choice. Unlike SiteKey, the personalization is tied to the browser/computer and not to a specific user account. This is a critical distinction that causes the two solutions to have quite different properties. Yahoo! users may be phished of their username and password so that a phisher can look for valuable information in their account. To help protect Yahoo! users and combat phishing, Yahoo! developed Sign-in Seal.