Sunday, March 1, 2009

Forwarding Emails - The Threat

Forwarding emails that you receive pertaining to some supposedly important subject is certainly a form of social engineering. Social engineering, for those that don't know, is when a hacker uses the "gullibility of people" to gain information. We have all received emails telling us about an impending situation that you feel obligated to let all your friends and family know about. Emails about viruses, computer threats, stimulus checks, refunds, you name it... the subject list is endless. The point is... hackers, marketeers, and the like use these emails to gain information about the addressees that you forward the email to. Hacker tools in the category of E-Mail Tracking are used for this purpose. These tools allow the originator of an email to know whether the recipient reads, forwards, modifies, or deletes an email, along with their email address. A single pixel graphic file that isn't noticeable to the recipient is attached to the email. Then, when an action is performed on an e-mail, this graphic file connects back to the server and notifies the original sender of the action. So, when you forward that email, it returns a list of all the addresses you forwarded it to.

The result? The hacker now has all of the e-mail addresses that you forwarded the email to, along with those of the next person and so on. Notices about grave consequences are normally send by authorities on the subject matter... For example, Symantec or McAfee (computer security companies) would send out notices about computer threats, viruses, trojans, etc.

Passing on the emails to your address list is doing exactly what the hacker wants you to do! Remember, be judicious in forwarding emails, including jokes, to the members of your address list. Following this advice will help reduce spam, identity theft, and other malicious threats to your confidentiality.

RonC

No comments:

Post a Comment

McAfee Security inSights Blog

Followers

About Me

My photo
Divorced, 3 Children, Information Security Professional.