What is Email and How Pervasive Is It?
The use of email worldwide is ubiquitous. According to the Radicati Group, Inc. (2015), by the end of 2019 there will be nearly three billion email users in the world using over five and a half billion email accounts. The table below lists the forecast prepared by Radicati and represents users and accounts in the millions. Second only to text, email is one of the more popular forms of communication, especially in business.
Table 1: Forecast of Email Usage 2015-2019 (Radicati, 2015)
Email, unlike text or instant messaging (IM), is a less urgent means of communication. Users typically feel they can respond to an email hours or even days after they receive it, since it's not as immediate as a text message or IM. Email allows users to type as much as they want, to format paragraphs into bullets or lists, and to insert files and objects like other media as attachments. Email's adaptability and ease of use as a communications medium make it very popular and prevalent in the world.
Before we delve into why email keeps me up at night, a brief discussion of email's basic client-server architecture is in order. First, email is an asynchronous method of communication, which means users and their systems don't have to be online at the same time, because email communication does not take place in "real time" like a voice call or a video call. Second, modern email systems use a store-and-forward model, which means senders and receivers need to connect to their mail server only long enough to send or receive (upload and download) email messages. Third, email services use standard protocols like SMTP, IMAP, and POP3 to communicate between senders and receivers. Figure 1 shows a simplified diagram of email operations between a sender and receiver. Note the use of standard protocols between participants. All of this explains the ease with which an actor with malicious intent can contact nearly three billion users anonymously, automatically, from anywhere in the world.
Figure 1: Email in four steps (Creative Commons, 2018)
The ease of use and the availability of free email service providers make email usage so popular. They are also why cyber criminals often choose email as their means of delivering malicious software (malware) or committing crimes. As an example, consider the following four common crimes carried out via email:
- Spreading malware (worms, viruses, trojans, rootkits)
- Email Bombing: spamming, or emailing an incredibly large number of emails, to a particular recipient or organization to deny them legitimate use of their mail capability by overwhelming their mail application or mail server, causing it to crash (loss of availability)
- Threatening emails: harassing or threatening email demanding responses or an exchange of goods or money
- Spearphishing: emails designed to fool users into disclosing personal or sensitive information by imitating legitimate emails with embedded links to captive portals that capture user credentials
In other crimes, email is not the primary method but rather the supporting structure for carrying out the crime. Consider the following crimes that rely on email for support:
- Ransomware: In a ransomware attack, malware is installed on the victim's system or network that encrypts the information and makes it inaccessible to authorized users (loss of availability)
- Identity Theft: In an identity theft, attackers steal a user's personally identifiable information, available on the web as a result of any of numerous data breaches, and open accounts using the victim's identity; email is used to communicate with organizations and businesses using the forged or assumed identity to avoid having to appear in person or speak to a human representative on the phone
- Frauds and Scams: Attackers seeking to separate users from their money use email and spamming techniques to entice users into responding to unsolicited emails in order to collect on lottery winnings, inheritance monies, and other rewards; unsuspecting users are exploited out of exorbitant sums of money via email scams
- Requests for Assistance: In this crime, emails requesting assistance for disaster relief or to claim unpaid winnings similar to other frauds and scams are used to appeal to the victim's cognitive bias to be helpful and charitable
One of the most common aspects of email crimes is the spoofing aspect. Similar to website masquerading, criminals spoof the origination of the email to lure the receiver into believing that they received an email from a legitimate, authorized sender. Spoofing is almost always required to successfully lure a user to click on a link or provide requested information back to a malicious sender. Spoofing is accomplished by forging information in the email message header (more on this below) and is possible because there is no address authentication requirement in the SMTP protocol. Although there are several current solutions available to protect against email spoofing, none have been adopted as an industry standard.
Laws Governing Email
There are several laws governing the authorized use of computers in the United States, and in turn the use, misuse, and abuse of email. One of the more far-reaching laws is the Computer Fraud and Abuse Act (CFAA) of 1984. The CFAA broadly defines a "protected computer" as a device that is used in interstate or foreign communication. This equates to practically every Internet-connected device, including those operating out of foreign countries. Another law enacted in the U.S. to protect against email crimes is the CAN-SPAM Act of 2003. The CAN-SPAM Act makes it mandatory for businesses and organizations to do the following in their email marketing:
- Mandatory "From" information to notify the receiver who is sending the message
- Honest subject lines to explicitly communicate that the email is about marketing and advertising
- Physical address so receivers can contact the originator
- Opt-out options so receivers can choose not to receive future mailings
Email Headers
Warning: Every line in an email header can be forged. View all header information with skepticism. Only the RECEIVED lines created by your Internet Service Provider (ISP) or your computer can be trusted. See Table 2 for a brief explanation of the content of an email header. Table 3 lists some tools and techniques available for forensic analysts to use to investigate email crimes.
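The warning above can be turned into a first-pass triage routine. The following is an added example, not code from the article or from the tools it cites: it finds the Received line stamped by the analyst's own mail server, treats every hop below it as unverified, and compares the From domain with the other sender fields. The sample message, the server name `mx.myisp.example`, the names `analyze`, `domain` and `HOP`, and the Received layout the pattern expects are all assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not from the article); example.* names and the
# 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
RAW = """\
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby mx.myisp.example with ESMTP id abc123; Mon, 5 Mar 2018 10:15:02 -0500
Received: from bank.example (bank.example [192.0.2.10])
\tby mail.sender.example with SMTP; Mon, 5 Mar 2018 10:14:58 -0500
Return-Path: <bounce@sender.example>
From: "Your Bank" <support@bank.example>
Reply-To: help@other.example
To: user@myisp.example
Subject: Verify your account
"""

# Matches the "from HELO (rdns [ip]) ... by host" layout used in the sample;
# real MTAs vary, so treat this pattern as an assumption.
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\).*?\bby\s+(\S+)", re.S)

def domain(value):  # lower-cased domain of the address in a header value
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_servers):
    msg = email.message_from_string(raw)
    # Received lines are prepended, so the list runs newest to oldest.
    hops = [tuple(g.lower() for g in m.groups())
            for h in msg.get_all("Received", []) if (m := HOP.search(h))]
    # The first hop stamped by our own server marks the trust boundary;
    # every line below it was supplied by the other side and may be forged.
    idx = next((i for i, h in enumerate(hops) if h[2] in trusted_servers), None)
    trusted = hops[idx] if idx is not None else None
    from_dom, findings = domain(msg["From"]), []
    if trusted is None:
        findings.append("no Received line from a trusted server")
    elif trusted[0] != from_dom and not trusted[0].endswith("." + from_dom):
        findings.append(f"connecting host {trusted[0]} is outside From domain {from_dom}")
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    return {"trusted_hop": trusted,
            "unverified_hops": hops[idx + 1:] if trusted else hops,
            "findings": findings}

if __name__ == "__main__":
    print("\n".join(analyze(RAW, {"mx.myisp.example"})["findings"]))
```

The findings are leads for the analyst rather than proof of forgery, since legitimate mail is often relayed through third-party senders whose domains differ from the From address.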
References:
Banday, M. T. (2011). Techniques and tools for forensic investigation of e-mail. International Journal of Network Security & Its Applications (IJNSA), 3(6). Retrieved from https://pdfs.semanticscholar.org/8625/a3b17d199e5cabbb796bad0df56a7979c77c.pdf
Radicati, Inc. (2015). Email Statistic Report. Retrieved from http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf


