Download paper

Email and Their Security Issues

Categories: Security

Abstract

In this paper, we’ll discuss about email and their security issues. Email is that the most typical mode of communication these days. Email not only used for sending messages or text only but also to send audio, video and other files as attachment. We always relay on email’s confidentiality and integrity for important data or communication. We’ll discuss about the privacy issue, how the attacker attacks an email and the prevention of emails. This architecture will improve the security of accounts.

Our research suggests that only a proper knowledge of the prevention strategies will prove the best defence.

Index Terms- security, privacy, spam, password, update, connection, prevention, attackers.

INTRODUCTION

Email is a piece of information stored on a computer that is exchanged between two users over telecommunications. Email is a message which contain text, files, images, or attachments that sent through a network to an individual or group of individuals. E-mail travels on the web so they are exposed to the intruders.

Email is one of the technologies which a tool used by nearly every person with an internet connection. It allows you to no cost, send a letter of unlimited length and unlimited emails to one person or many people and they can reply straight away. Setting up your own email account will allow you easy to communicate with people which the place in everywhere.

In1971, the first e-mail was sent by Ray Tomlinson. Tomlinson sent the e-mail to himself as a test e-mail message which is containing the text something like “QWERTYUIOP”.

Top Experts
Sweet V
Verified expert
4.9 (984)
Prof. Laser
Verified expert
4.8 (435)
Belle
Verified expert
4.7 (657)
hire verified expert

However, despite sending the e-mail to himself, the e-mail message was still transmitted through ARPANET. By 1996, a lot of email correspondence was being sent than communication mail. the primary portion of all e-mail addresses, the half before the @ symbol, contains the alias, user, group, or department of a company. Next, Address consists two parts which is local part and domain name. The username should be unique that identifies the recipient. The domain name is the address and people can share the same domain name. The @ sign is used as a divider in the e-mail address; it is required for all SMTP e-mail addresses since the first message as sent by Ray Tomlinson.

Structure of email consists of two components. There are message header and message body. The message header which is control information including one or more recipient email address and subject header field. The message body which is email’s content. For managing email which is keep your inbox uncluttered, delete what you don’t need, automatically filter and process incoming emails.

The Most Widely Used Email Client in the World …

The following table shows Email Usage Statistics in 2019 and The Most Widely Used Email Client in the World. Email is used to communicate in many settings. Modern email operates across internet or others computer network. Even though the use of email is decrease day by day between teenager but Gmail is the most popular email clients for google play, business, education and online banking. The reason why email usage is decrease because users like to message or text and share this information to the whole world via social apps which are very easily accessible. Employees share plethora of personal information on social apps thus putting their corporate infrastructure and data at a risk. However, the most popular client for sending emails is the Apple iPhone. Gmail have a 26% market share of all emails in the world, there is one service provider. It is one service provider that managed emailing service for the top spot.

Why to use email? We can differentiate between the advantages and disadvantages of emails. The advantage of email is easy to use and easy to reference when send and receive a message can be stored logically and reliably. We can save the time, Email is very fat, usually taking no more time than a few minutes to be received. The disadvantage of emails is some email cause upset or anger and information overload which is too many people send too much information. They often cite ‘need to know’ as the justification.

PRIVACY ISSUES

Weak Passwords

Simple password that commonly use by people. Some example of simple password would be like ‘123456’, ‘111111’, ‘abcde’, ‘password’.. No matter how strong the network, email password still poses a threat. Implementing stronger password policies which is contains uppercase, lowercase letters, numbers and symbols.

Sending Confidential Data

If emails aren’t encrypted, sending confidential data is like telling hackers “please, come steal our information.” We don’t want that to happen to any business, but it happens all too often. Have a clear policy about what should and shouldn’t be sent over email and ensure any confidential data is encrypt.

Phishing

Phishing is the act of tricking somebody to reveal your personal information or data. hackers create new user credentials or install malware such as backdoors into your system to steal sensitive data. The common practice is for attackers to send messages with a link to a malicious site and give a website to users that will try to convince them to install the malware. When user click on a link in an email to go to an account there will occur phishing scams looking for user data.

Malware

Emails with sensational titles like ‘You’ve won a million dollars’ or ‘Poor people in Africa need your help’ will attract user to click in. Email is the most common entry point for malware. Email attachments are one of the ways to spread malware. It’s such unexpected email address, suspicious link within emails, malicious attachments and sensational subject lines. Zeus and CryptoLocker are types of malware that infect devices through email. These are some of the most dangerous malware that can empty your bank account.

Stolen Devices

When your smartphone or tablet is stolen, thieves will simply tap to view all emails. Devices are suggest to secured with a passcode or biometric security. We recommend securing devices and being able to remotely wipe them quickly.

ATTACKING SCENARIOS

Phishing.

Phishing is one of the fastest growing attack vectors. For hackers, it is a tried and tested method that has been successfully working for more than a decade. In fact, it has been more than two decades since the first reported phishing attack in 1995. Phishing occurs when a malicious party sends a fraudulent email disguised as being from an authorized, trusted source.

Spam

Spam also known as junk mail which is unsolicited email. We all have a “spam” folder in our email accounts where we receive unwanted emails or emails. Spam emails saw an increase within the last number of years due to the expansion of social media and e-commerce websites. Companies, for example, usually broadcast their “latest news” or announcements over email to large numbers of people who are a part of an opt-in list.

Adware

Adware is unwanted software which designed the advertisements up on your screen, most often on a web browser. Once adware hijacks your phone or laptop, it might carry out all sorts of unwanted tasks, risks and threat. Some versions of software automatically help your device install Adware.

Vendor Email Compromise’: A New Attack Twist

The recently discovered type of email scam has been dubbed Vendor Email Compromise (VEC) and as its name suggests, the attackers prey on employees working at vendor companies The group, which Agari researchers call “Silent Starling,” has been operating since at least 2018. It has targeted about 500 businesses throughout the world, compromising about 700 employees’ email accounts along the way, the researchers estimate.

PREVENTION STRATEGIES

  • Don’t click suspicious links in email or texts – Phishers often send links via email that look legitimate, but once clicked on, will allow them to steal your information. Email attachments that contain malware and the easiest way to avoid these scams is by not clicking the links or attachments. As a general rule, never open links or download attachments from unknown senders. Emails from known senders that contain links or attachments without any context are also bad news.
  • If signing up for a new email service, check for 2FA support -When signing up with an email, check to see what layers of security are available such as 2FA either through SMS or app-based such as Google Authenticator because no all email providers provide 2FA. The benefit of 2FA is provides a second layer of security such as a text message sent to a smartphone with a one-time password. Only the person with your device can ostensibly complete a new login. Not to mention, it can inform you when someone is trying to log into your email account
  • Use a password manager and two-factor authentication wherever possible – Use a reputable password manager to change all of your online passwords to strong, unique ones for each login. We can’t stress this enough. Hackers today use a tactic called credential stuffing, whereby they literally cram previously stolen usernames and passwords into as many online services as possible. Why? Because a lot of usernames and passwords are identical across email.
  • Create a strong password – A good password is hard for other people to guess but easy for you to remember. To keep your Facebook and email account protected keep your password safe and always log out to prevent others hacking your Facebook and email accounts.
  • Evaluate your settings – Make sure you stay updated with the site’s privacy settings. The default settings may allow anyone to see your “profile”, but you may have an option to customize your settings to restrict access to only certain people. Sites may change their features periodically, so make sure you review your privacy/security settings regularly to make sure that your choices are still appropriate.
  • Beware of third-party applications – Third-party applications may provide entertainment or functionality, but use caution and common-sense when deciding which applications can access your personal information. Avoid applications that seem suspicious, and make sure to modify your settings to limit the amount of information which the applications can access.
  • Use a secure, unique password – Protect your account with passwords that are hard to be guessed. If your password is compromised, someone else may access your account and pretend to be you or can do virtually anything on your behalf, without your knowledge. Combining capital and lowercase letters with numbers and symbols creates a more secure password. Different password for different accounts always confuses the cyber-criminals.
  • Use encryption software for sensitive emails – Compared to just booting up your Gmail, setting up email encryption software and make sure your recipient has the ability to read your encrypted message. But it’s certainly less of a pain than getting hacked, and once you get your encryption system set up it becomes quite simple to use. If you shop around a bit, you can almost certainly find something that fits well into your existing workflows. It is always recommendable to enable it.
  • Don’t use public Wi-Fi or public computers, if you can help it – the hacker simply snoops on all the information that’s getting sent through the network and collects your account details and passwords in near-real-time as you use them. Using a VPN or some other form of encrypted connection is best if you must connect to public WiFi, but the safest approach is simply to avoid it entirely.
  • Restrict physical access to your machines – If a potential hacker can physically access your machine which is install a keylogger and hacking your email. Use a secure password and be sure to log out whenever you’re stepping away from the screen.
  • Contact help in case of hacking – If you are a victim of such a scenario, please contact the respective company immediately. Every company has an account verification department. They also provide instant chat support/phone support. By changing your password immediately, you quickly minimize the resulting risk of your Yahoo! account.
  • Do not share your password – If you are ever asked for your password in an unsolicited manner of Yahoo!/Hotmail/Facebook/Gmail or any email. Please do not share your password with them and ask them the reason for asking or contact directly the respective company, as they have a separate department to handle such issues.
  • Change the security questions and answers wisely – The good security question is cannot be easily guessed or researched, doesn’t change over time, is memorable and is simple or definitive such as personal favorite.
  • Don’t use the same password – Having the same password for all your email, social media, financial accounts is good. You don’t have to memorize any other passwords. However, it isn’t a safe way. At least use a different password for your main email..
  • Keep your system’s software updated – Keeping your systems updated will ensure that when known security flaws get patched, your system gets patched too. If you’re running old software, chances are it has at least a few known issues that a skilled hacker might be able to exploit.
  • Scan emails for questionable content – Not all companies may be comfortable with this, as scanning employee emails is a form of snooping in its own right. Yet scanning incoming emails can help you block messages that look sketchy. Scanning outgoing mail for sensitive company information could help you ensure that employees aren’t sending any data to people they shouldn’t be.
  • Consider putting a credit freeze on your account – As a last resort, if your email has been hacked, put a credit freeze on your account. It’s easy to do and gives you more control over who has access to your accounts. When making purchases (like a car), if someone needs to access your credit report, you can easily turn the account back on, then reinstate the freeze afterward.
  • Remove apps & browser extensions you don’t need – As more apps are installed on a device, it can become more vulnerable. Install only essential apps and browser extensions on devices that have access to sensitive information. Avoid installing unknown apps or apps from unknown sources to protect your device and personal info.

The Internet is used by everyone and anyone. The hackers can steal our precious data in many ways. Be careful what you post over email accounts, no matter how safe you think you are, the Internet will never be safe. Do not keep a copy of your email details on the Internet or on your system.

PROPOSED ARCHITECTURE

E-mail system normally consists of two sub systems which is the user agents and the message transfer agents. The user agents allow user to read and send e-mails. The message transfer agents transfer the messages from source to destination. he user agents provide a command based, menu-based, or graphical method for interacting with e-mail system. The message transfer agents are processes that run in background. Their job is moving the datagram e-mail through system.

There are four scenario used to exchange the email: First scenario is sender and the receiver of the email are on the same system. They are connected to shared system and need two user agent. When Alice need to send a message to Bob, Alice run the user agent program to prepare the message and store in Bob’s mailbox.

Figure 1 : First Scenario

Second scenario is the sender and the receiver use two different systems. The message needs to send over the internet. We need user agent and message transfer agent. The sender use user agent to send her message to the system. The recipients need user agent to retrieve message. Here need one client and one server

Figure 2 : Second Scenario

Third scenario is the sender connects to the system via point to point WAN and needs user agent to prepare the message. Then through a pair of message transfer agent, send the message through LAN or WAN.

Figure 1 : Third Scenario

Fourth scenario is the recipient connets to his email server by WAN or LAN. After message arrived, recipient need to retrieve it. we need two user agent, two pairs of message transfer agent which is client and server, and a pair of message access agent.

Benefits of architecture

The proposed architecture provides the process of sending and receiving a message easier. The user agent programs that composes read, replies to and forward message. Its also can handles the mailboxes.

Limitation

The proposed architecture which is easy for misunderstandings to occur with email, as there is only text and no tone of voice, or body language to provide context. Email can be sent anonymously and people who don’t take the time to read what they write before clicking ‘send’. It is also easy to make mistakes with email by clicking the wrong button. Email are so easy to send to multiple people, they can create information overload.

CONCLUSION

In the end, by e-mail communication is the most common way of exchanging information in almost every business and company. Don’t share any password to a stranger. Be careful who use your device and where internet connection you connect. For prevention you should take precautions hence for this you can take advantage of the public available solution Having a robust, effective email security solution has been a necessity for most organizations today. It is the responsibility of every individual to protect themselves with sensitive personal identifying information.

REFERENCES

  1. Sarika Choudhary, Rajesh Ghusinga, “E-mail Security: Issues and Solutions” International Journal of Computer Information Systems, Vol. 7, No.4, 2013.
  2. Scott Ferguson ‘Vendor Email Compromise’: A New Attack Twist
  3. First Author – Lee Qiao Wei. Faculty of Information And Communication Technology, Computer Science in Security, University Teknikal Malaysia Melaka.
  4. Second Author – Ong Shi Teng. Faculty of Information And Communication Technology, Computer Science in Security, University Teknikal Malaysia Melaka

Cite this page

Email and Their Security Issues. (2019, Nov 29). Retrieved from http://studymoose.com/email-and-their-security-issues-essay

Are You on a Short Deadline? Let a Professional Expert Help You
HELP ME WITH WRITING
Let’s chat?  We're online 24/7