EMAIL CRIMES

Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email have made it a powerful tool for criminals. The main goal of email crimes is financial gain. Some of the major email-related crimes are:

Spoofing

Email Spoofing is the act of sending an email with a forged header so that it seems to come from a reliable source, and using this to trick people into opening and responding to solicitations, which often request money in order to receive a large payment.

Phishing

Email Phishing is a more sophisticated version of Spoofing in which the cybercriminal first learns about the target and then contacts them while masquerading as a known contact. The attacker uses this trust to get the target to open malware delivered by email. The quality of phishing emails varies, of course, but some can be frighteningly believable.

Spear Phishing

Spear Phishing is the same as Email Phishing, but it is more tailored towards a particular individual or organization.

Spam

Spam is the use of electronic messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same site.

EMAIL CRIMES EXAMPLES

CEO fraud - e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years.


Banks - have been hit hard by phishing scams that distribute convincing emails to consumers, asking them to provide financial account information and PIN numbers.


E-commerce - is another industry that experiences a high volume of fraudulent email attempts. Online shoppers regularly receive emails that invite them to click a malicious link or enter account login credentials and credit card information.

Whaling - Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishermen have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena.


Business Email Compromise (BEC) - According to the latest figures from the FBI, cyber thieves have stolen $2 billion from 12,000 businesses using a scam that starts when business executives’ or employees’ email accounts are compromised or spoofed. The fraudster is able to steal money with the help of an unwitting accomplice, an employee who is fooled into submitting a wire request. From the perspective of the company’s financial institution, the transaction appears completely legitimate. Even confirmation calls or other out-of-band authentication will reach the employee who did indeed submit the request.
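Spoofed mail of the kind behind CEO fraud and BEC usually leaves inconsistencies in the message headers that a mail gateway or analyst can check. The following Python sketch is an added example, not part of the original article; the sample message, the domains, the executive name and the finding labels are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): the visible From claims the
# organisation's domain, while the envelope sender and Reply-To point elsewhere.
SPOOFED = """\
From: "Jane Doe" <jane.doe@example-corp.test>
Reply-To: <jane.doe@freemail.test>
Return-Path: <bounce@bulk-sender.test>
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=bulk-sender.test; dkim=none; dmarc=fail
Subject: Urgent wire transfer

Please process this payment today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw, org_domain, executives):
    """Return the header inconsistencies found in one raw message."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Envelope sender (Return-Path) on a different domain than the visible From.
    rp_dom = domain_of(msg.get("Return-Path"))
    if rp_dom and rp_dom != from_dom:
        findings.append("return-path-mismatch")
    # Replies diverted to a domain other than the one displayed.
    rt_dom = domain_of(msg.get("Reply-To"))
    if rt_dom and rt_dom != from_dom:
        findings.append("reply-to-mismatch")
    # The receiving server recorded an SPF/DKIM/DMARC verdict other than pass.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            findings.append(f"{mech}-{verdict}")
    # An executive's name is displayed, but the address is outside the organisation.
    if from_dom != org_domain and any(n.lower() in display.lower() for n in executives):
        findings.append("executive-name-external-address")
    return findings

if __name__ == "__main__":
    print(spoofing_indicators(SPOOFED, "example-corp.test", ["Jane Doe"]))
```

Only Authentication-Results headers stamped by your own receiving server should be trusted, since a sender can insert forged ones. An account that has been compromised rather than spoofed will pass all of these checks.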

A report from the Anti-Phishing Working Group (APWG) found that more than 300 brands are hijacked by phishers every month, eroding trust in the email channel across many sectors including financial services, payment services, gaming, retail, auctions and social networks.

ADDITIONAL CHALLENGES

Email deliverability is influenced by a lot of factors, including signing your mail, keeping clean lists, sending wanted content, having a good sending reputation, and much more.


Your sending reputation is how ISPs identify you as a legitimate sender. Every time you deploy an email campaign, you are providing them with valuable data that says whether or not you follow proper sending practices.


There are two types of email reputation—IP reputation and domain reputation.

There has been a sharp move towards domain reputation, driven by the move from IPv4 networks to IPv6 networks. While it is not yet common practice to use domain reputation, which is required under IPv6 (though Gmail is already its strongest proponent), ISPs are starting to use a combination of IP and domain reputation until IPv6 is fully adopted.


Most importantly, with domain reputation, you can’t change an IP address to fix reputation problems. Email sending mistakes can now affect your domain reputation and your brand in a bigger way than they ever have before. This is why it’s so important to have good sending practices.