














Cyber crime
Typology: Lecture notes















What is Cyber Crime?
Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act,
5.1 Category of Cyber Crime
We can categorize Cyber crimes in two ways
E.g. Hacking, Virus/Worm attacks, DOS attack etc
E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.
5.2 Technical Aspects of Cyber Crimes
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:
Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.
Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.
Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction.
Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money.
Taking control of another person's website by hacking the web server is called web hijacking.
A program that acts like something useful but does things that are quite damaging is called a Trojan. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on their machine, the attacker then uses the Client to connect to the Server and start using the Trojan. TCP/IP is the usual protocol used for communications, but some functions of Trojans use UDP as well.
A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.
5.3 E Mail and IRC related Crimes
Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source. Email spoofing is usually done by falsifying the name and/or email address of the originator of the email. Usually, to send an email the sender has to enter the following information:
Defamation: Defamation can be understood as the intentional infringement of another person’s right to his good name. Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. Cyber defamation is also called Cyber smearing.
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. In another famous case, one Mr. Rao sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced on it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines.
The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!
Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access of service to authorized users. Attempts to "flood" a network, thereby preventing legitimate network traffic; attempts to disrupt connections between two machines, thereby preventing access to a service; attempts to prevent a particular individual from accessing a service; and attempts to disrupt service to a specific system or person are examples of Denial of Service attacks.
A distributed denial of service (DDoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.
Types of DOS
There are three basic types of attack:
a. Consumption of scarce, limited, or non-renewable resources such as network bandwidth, RAM and CPU time. Even power, cool air, or water can be affected.
b. Destruction or Alteration of Configuration Information
c. Physical Destruction or Alteration of Network Components
e. Pornography:-
The literal meaning of the term 'Pornography' is “describing or showing sexual acts in order to cause sexual excitement through books, films, etc.”
This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc.
Adult entertainment is the largest industry on the internet. There are more than 420 million individual pornographic webpages today.
Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over Internet have been highly commercialized.
Pornography delivered over mobile phones is now a burgeoning business, “driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.”
Effects of Pornography
Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families.
Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases.
In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior.
Some of the common, but false messages sent by sexualized culture.
Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences.
Women have one value - to meet the sexual demands of men.
Marriage and children are obstacles to sexual fulfillment.
Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.
Pornography Addiction
Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography.
1. Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation.
2. Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs."
3. Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable.
4. Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography.
There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
n. Defamation: -
Defamation can be understood as the intentional infringement of another person's right to his good name.
Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place
Cyber defamation is also called Cyber smearing.
Cyber Stalking:-
Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.
p. Pedophiles:-
Also there are persons who intentionally prey upon children. Especially with a teen, they will let the teen know that they fully understand the teen's feelings towards adults, and in particular towards the teen's parents.
They earn the teen's trust and gradually seduce them into sexual or indecent acts.
Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.
q. Identity Theft :-
Identity theft is the fastest growing crime in countries like America.
Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.
Identity theft is a vehicle for perpetrating other types of fraud schemes.
r. Data diddling:-
Data diddling involves changing data prior to or during input into a computer.
In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.
It also includes automatically changing the financial information for some time before processing and then restoring the original information.
s. Theft of Internet Hours:-
Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.
t. Theft of computer system (Hardware):-
This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.
u. Physically damaging a computer system:-
Physically damaging a computer or its peripherals either by shock, fire or excess electric supply etc.
v. Breach of Privacy and Confidentiality
Privacy
Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.
Confidentiality
It means non-disclosure of information to unauthorized or unwanted persons.
In addition to personal information, some other types of information are useful for business, and leakage of such information to other persons may cause damage to the business or person; such information should be protected.
Generally, to protect the secrecy of such information, parties sharing information form an agreement about the procedure for handling the information and agree not to disclose it to third parties or use it in such a way that it will be disclosed to third parties.
Many times a party or its employees leak such valuable information for monetary gain, causing a breach of the confidentiality contract.
Special techniques such as Social Engineering are commonly used to obtain confidential information.
Computer virus :
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the
Viruses:
A virus is malicious software that is attached to another program file so that it can spread from one machine to another. For your machine to be infected, you must have run an infected program or software. Viruses are potential threats to machines and the entire network; they don’t only constitute a strain or nuisance, but are like a time bomb that could destroy all files or contents in your hard drive. A virus normally requires a delivery mechanism (a vector), such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another. The key element that distinguishes a computer worm from a computer virus is that human interaction is required to facilitate the spread of a virus.
Trojan Horses:
A Trojan is a program that has a hidden agenda! It is a program written to look like something else. When a program that contains a Trojan is run on your computer, it does something different from what it is meant to do. For example, you install or download a free game or software from the Internet, and while you are busy running or playing the game, the Trojan horse mails a copy of itself to every address in your address book. The other users receive the game and play it, thereby spreading the Trojan horse to the addresses in each address book. Most Trojan horses create loopholes or backdoor programs on user systems; attackers can use the program to cause mouse cursors to disappear or use it to install keystroke loggers (programs that record all user keystrokes) to capture sensitive information.
Solution:
What is the Difference Between Virus, Worm and Trojan?
The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often damaging effects. A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: Some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.
A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In more recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
What is the Difference Between Malware, Virus, Rootkits, Spyware, Worm and Trojan?
Whenever your computer starts acting weird and makes it difficult for you to work on, the first thing that comes to your mind is whether a virus has affected your computer. Some of those times, your fears might turn out to be true. Hence it helps to know about these enemies of your computer and get a basic understanding of how they work. That could help you deal with them in a faster & better way.
Malware is any malicious program or software that’s designed to exploit a computer user. Malware is basically an umbrella term covering computer viruses, worms, Trojans, spyware, rootkits etc. Some of ‘em attack the computer programs and files while others attack users' confidential data. Let’s have a detailed look at their mode of operation.
What is a Virus?
Just as a biological virus replicates itself in a human cell, a computer virus replicates itself in computer memory when initiated by the user. Not only do viruses replicate themselves, but they may also contain malicious code which can affect your files, your operating system or even your master boot records, thereby making your computer start slowly or not boot at all. There are different types of viruses: some affect the system adversely and leave it completely unusable, while some are just written to annoy the user. Disabling task manager or desktop wallpaper is one of the most common ways that virus creators employ to irritate users. As a virus always needs a human action to initiate itself, most of them attach themselves to an executable .exe file, because eventually the user will double click on it to run it and that’s all the virus needs to infect the computer. Yes, unfortunately, most viruses are inadvertently initiated by the computer users themselves and hence it is important that when you install and run programs, you know beforehand that you got them from a trusted source.
An Introduction to DDoS – Distributed Denial of Service attack
As you might have heard, the famous blogging service WordPress.com was recently unavailable for around an hour due to a huge Distributed Denial of Service attack carried out by many infected computers on the Internet. In this article, let us look at what a Distributed Denial of Service attack is, why it is hard to detect and mitigate, a few types of DDoS attacks & some measures one can take to prevent/mitigate them.
DDoS stands for Distributed Denial of Service attack. It is a form of attack where a lot of zombie computers (infected computers that are under the control of the attacker) are used, either directly or indirectly, to flood the targeted server(s) (the victim) with a huge amount of information and choke it in order to prevent legitimate users from accessing them (mostly web servers that host websites). In most cases, the owners of the zombie computers may not know that they are being utilized by attackers. In some cases, there is only a periodic flooding of web servers with huge traffic in order to degrade the service, instead of taking it down completely.
As you can see in the above architecture diagram representing Distributed Denial of Service (DDoS) attacks, there may be up to five components. Two of them are always there: the attacker/master computer from where the attacks are initiated, and the victim/attacked server which comes under attack. The presence of just these two components makes it a Denial of Service (DoS) attack.
The three components in the middle make it a Distributed Denial of Service attack! Zombies/botnets are the computers from which the DDoS attacks are carried out. They may either be volunteer computers or, in most cases, infected computers of Internet users who unknowingly download certain malicious software (from bit-torrent sites, etc.) which allows them to be controlled by the attackers. There may be an additional layer of handlers/controlling computers which issue instructions to the zombies/agents, and a reflector layer which amplifies the number of requests that arrive from zombies and sends them to the victim servers to cripple them.
Since unsuspecting users' computers are used as zombies to carry out the attacks against the victim server, it is difficult to trace the actual attacker. Moreover, there are no fixed IP addresses/IP address series for the zombie computers that connect to the Internet using broadband connections, and even if some of the attacking zombie computers are identified and blocked, more computers can always be summoned by the attacker.
Sometimes, even zombie computers do not directly communicate with the victim servers – instead they spoof the IP address of the victim server and send requests to a large number of reflector computers (which may not be infected). This makes the reflectors send huge reply packets to the victim servers, as they need to reply to all the requests from what they think is the originator!
It might be relatively easier to identify and fend off bigger attacks from a small number of systems, like 10 machines sending 1000 requests per second, than 1000 machines sending 10 requests per second, which is possible with DDoS attacks.
Some of these attacks are in the range of multiple Gigabits per second (in the case of WordPress.com, it was 4 Gbps). Since most Internet connectivity links to individual organizations are smaller than that, such high magnitude attacks can choke the entire Internet bandwidth.
There are two types of DDoS attacks – Attacks that target the Network (Internet bandwidth) and choke the Internet bandwidth used by the victim server, so that it cannot accept legitimate requests coming from genuine users through the Internet gateway & Attacks that target the vulnerabilities in applications in order to cripple server resources like CPU, RAM, Buffer memory, etc and make the servers unavailable for handling any legitimate requests.
For example, a DNS attack targets the network. In this, many zombie computers query DNS servers simultaneously (with the spoofed IP address of the victim server). Now, the DNS servers need to respond to the queries, to the source IP address. Since all the source IP addresses are of the victim server, all the responses are sent there – thereby choking the bandwidth available to the victim server. Likewise, a Syn Flood attack targets applications – it opens multiple connections (using multiple zombie computers) to the victim server using ‘Syn’ requests. The server responds with a ‘Syn-Ack’ acknowledgement. The zombie computers need to send back an ‘Ack’ response, for the victim server to close the connection. But they don’t do that, resulting in many open connections (which cannot be used by other users) in the server.
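The two points above (many quiet sources are harder to spot than a few loud ones, and a Syn flood leaves 'Syn' requests that never receive the final 'Ack') can be checked from the defender's side with a small traffic summary. This is an added example, not part of the original notes; the thresholds, the event format and the sample addresses (taken from reserved test ranges) are assumptions made for illustration.

```python
"""Flag flood patterns in per-second connection records (constructed data)."""
import ipaddress
from collections import Counter, defaultdict

# Assumed policy values, chosen only for this illustration.
PER_SOURCE_LIMIT = 50    # 'Syn' requests per second tolerated from one address
AGGREGATE_LIMIT = 500    # 'Syn' requests per second the server is sized for
HALF_OPEN_ALERT = 0.8    # share of 'Syn' requests never followed by an 'Ack'


def analyse(events):
    """events: iterable of (second, source_ip, kind), kind is "SYN" or "ACK".

    Returns one finding per second whose traffic exceeds a limit.
    """
    syn = defaultdict(Counter)   # second -> Counter(source -> SYN count)
    ack = Counter()              # second -> handshakes completed by an ACK
    for second, source, kind in events:
        if kind == "SYN":
            syn[second][source] += 1
        elif kind == "ACK":
            ack[second] += 1

    findings = []
    for second in sorted(syn):
        per_source = syn[second]
        total = sum(per_source.values())
        loud = [s for s, n in per_source.items() if n > PER_SOURCE_LIMIT]
        if loud:
            kind = "few-loud-sources"      # a per-address rate limit catches this
        elif total > AGGREGATE_LIMIT:
            kind = "many-quiet-sources"    # only the aggregate view catches this
        else:
            continue
        # Simplification: an ACK is counted in the same second as its SYN.
        half_open = 1 - min(ack[second], total) / total
        findings.append({
            "second": second,
            "kind": kind,
            "sources": len(per_source),
            "total_syn": total,
            "half_open_share": round(half_open, 3),
            "likely_syn_flood": half_open >= HALF_OPEN_ALERT,
        })
    return findings


def build_sample():
    """Constructed events mirroring the figures in the text above."""
    flood_base = ipaddress.IPv4Address("198.18.0.0")   # benchmarking range
    events = []
    # Second 0: 20 ordinary clients, each completing its handshake.
    for i in range(20):
        src = str(ipaddress.IPv4Address("192.0.2.1") + i)
        events += [(0, src, "SYN"), (0, src, "ACK")]
    # Second 1: 10 machines sending 1000 requests each, none completed.
    for i in range(10):
        events += [(1, str(flood_base + i), "SYN")] * 1000
    # Second 2: 1000 machines sending 10 requests each, none completed.
    for i in range(1000):
        events += [(2, str(flood_base + 1000 + i), "SYN")] * 10
    return events


if __name__ == "__main__":
    for finding in analyse(build_sample()):
        print(finding)
```

In the sample, second 2 carries the same load as second 1 but no single address exceeds the per-source limit, which is why it is reported only through the aggregate check.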
The handlers are a small number of controlling computers which communicate with the numerous zombie computers using command and control signals, which can be intercepted to identify the handlers/master computer. But sometimes, even those communications are encrypted by attackers.
Ryan v Premachandran [2009] NSWSC 1186 illustrates the dangers of sending a defamatory email. More than $80,000 in damages was awarded to a Sydney primary school principal as the result of a defamatory email sent by a disgruntled parent. The parent sent an email to 14 other parents, alleging that the principal was incompetent, dishonest, untrustworthy, responsible for the school’s low education standard, and not fit to hold her position. The award of damages took into account harm occasioned by what the court found was the malicious conduct of the defendant in publishing the email. Remember:
Emails can be Defamatory: [Can you be liable for a defamatory statement you made in an email? Yes you can.
Defamation is defined as communication to third parties of false statements about a person that injure the
reputation of or deter others from associating with that person. Defamation can take one of two forms:
slander or libel. Slander covers oral defamatory statements while libel addresses the written version.
Defamation is an abusive attack on a person's character or good name. If a person is harmed in any way
by your statement(s), you can be held accountable in a court of law for your actions.
Defamation requires "publication." When you send a defamatory statement about another person to
others than the one you are defaming, that constitutes publication. And every time an email is sent, it is
considered a new publication. Every one who has a role in the publication of that email may be liable.
You should treat email as any other form of communication. If you do not want others to see what you
have written, do not put it in an email. Also keep in mind that the person you send the email to may
forward it on to others, who may do likewise. What you may think is a joke may very well be offensive to
another person.
Deleting an email does not protect you. Remember that the message is stored somewhere else on your
computer and those computer whiz kids have a way of retrieving it no matter how old.
Email has made the world smaller. But this creates another new problem in defamation litigation. A lawsuit can be filed wherever the email was sent, received, or published.]
Internet Relay Chat (IRC) is a protocol for real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.
IRC was created in 1988. Client software is available for every major operating system that supports Internet access. As of April 2011, the top 100 IRC networks served more than half a million users at a time, with hundreds of thousands of channels operating on a total of roughly 1,500 servers out of roughly 3,200 servers worldwide.
"Chat room" is another name for an Internet Relay Chat (IRC) channel. IRC chat takes place on a network of servers; the network that hosts the Wikimedia channels is known as freenode. To participate in the chat, you need a type of program or plug-in called an IRC client. Popular clients include mIRC (Windows), Colloquy (Mac OS X), ChatZilla (Firefox), irssi (cross-platform), and XChat (cross-platform). There are also scripts available to enhance your IRC client, and Java-based chat clients that work in most web browsers if you are travelling or do not wish to install separate software.
Internet Relay Chat (IRC) Crime:
Internet Relay Chat (IRC) is a form of real-time Internet online chat or synchronous conferencing. It is mainly designed for group communication in discussion forums called channels, but also allows one-to-one communication via private message, as well as chat and data transfers via Direct Client-to-Client
Electronic Harassment or Threat
Electronic harassment may occur in a variety of forms. It can include sending offensive material or threats through company or private email, posting another individual’s private information on the World Wide Web, or attacking another’s computer through elaborate methods. One such common attack is called "email bombs," where massive amounts of junk mail are sent to a person in an attempt to crash their computer. Threatening or harassing messages aren’t limited to e-mail messages. While email is a common method of sending threats or harassing messages, Internet technologies provide new methods for criminal activities. A person may also receive such messages through IRC (Internet Relay Chat), bulletin boards, Web pages, chat rooms, and online messaging systems. Threatening or harassing email should never be excused as a prank. Although it is rare for a person’s behavior on the Internet to spill over into the real world, threats should always be taken seriously. It is dangerous to dismiss threatening email, believing the threats will never be acted upon. Even a slim chance of being hurt should be considered too risky to ignore. Remember that threatening or harassing someone through email is just as illegal as doing so in an offline form.
Email fraud:
Email fraud is the intentional deception made for personal gain or to damage another individual through email. Almost as soon as email became widely used, it began to be used as a means to defraud people. Email fraud can take the form of a "con game" or scam. Confidence tricks tend to exploit the inherent greed and dishonesty of their victims: the prospect of a 'bargain' or 'something for nothing' can be very tempting. Email fraud, as with other 'bunco schemes', relies on naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud.
Avoiding email fraud
Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include:
6.1. Making the browser fetch one of the page's images through an anonymous FTP connection to the site.
6.2. Using JavaScript to make the browser send an email to a chosen email address.
6.3. Using the HTTP_FROM header that browsers send to the server.
Email spoofing:
Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source. The main protocol that is used when sending e-mail -- SMTP -- does not include a way to authenticate. There is an SMTP service extension (RFC 2554) that allows an SMTP client to negotiate a security level with a mail server. But if this precaution is not taken, anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information. In some jurisdictions, e-mail spoofing anyone other than yourself is illegal.
(Email spoofing refers to the process of sending an email message from one source, but making it appear as though the email was sent from a different source. For example, an email originates from [email protected] but it appears to be from [email protected]. Another method of spoofing is to make the message appear to come from an unknown user within your domain name. For example, the message appears to be from [email protected].
This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address.
This is usually done for malicious reasons, either to distribute unsolicited email or to distribute email viruses. Unfortunately, there is no real way to prevent spoofing from occurring. If you receive an email that has questionable content, it is recommended to delete the email message or use an antivirus program to scan the message before opening it.)
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP
service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security
level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone
with the requisite knowledge can connect to the server and use it to send messages. To send
spoofed e-mail, senders insert commands in headers that will alter message information. It is
possible to send a message that appears to be from anyone, anywhere, saying whatever the
sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you
with a message that you didn't write.
Although most spoofed e-mail falls into the "nuisance" category and requires little action
other than deletion, the more malicious varieties can cause serious problems and security risks.
For example, spoofed e-mail may purport to be from someone in a position of authority, asking
for sensitive data, such as passwords, credit card numbers, or other personal information -- any
of which can be used for a variety of criminal purposes. The Bank of America, eBay, and Wells
Fargo are among the companies recently spoofed in mass spam mailings. One type of e-mail
spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.
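Because the visible From header is not authenticated by SMTP itself, a recipient-side check has to compare it with the other headers of the message. The following is an added example, not part of the original notes: it flags a message whose From domain disagrees with Return-Path or Reply-To, or which carries no dmarc=pass result in the Authentication-Results header written by the receiving server. The two sample messages and all domains in them are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
Reply-To: collect@other.example.net
To: user@example.org
Subject: Verify your account

Please confirm your password.
"""

GENUINE = """\
Return-Path: <news@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Bank News" <news@bank.example.com>
To: user@example.org
Subject: Monthly statement

Your statement is ready.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List reasons a message's visible From header should not be trusted."""
    msg = message_from_string(raw)
    reasons = []
    from_dom = domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            reasons.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Assumption: this header was written by your own receiving server;
    # a copy supplied by the sender proves nothing.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=pass" not in auth:
        reasons.append("no dmarc=pass result from the receiving server")
    return reasons
```

A domain mismatch is an indicator rather than proof, since legitimate bulk mail sent through a third-party service also has a Return-Path domain that differs from its From domain.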
Email Bombing:
A malicious act where huge numbers of e-mails are directed to a specific system or a targeted user of that system. Mail bombs will usually fill the allotted space on an e-mail server for the user's e-mail and can result in crashing the e-mail server, or at the very least, possibly rendering the user's computer useless as their e-mail client attempts to download the huge amounts of e-mail. Also called a mail bomb. An e-mail bomb is different from a bomb, which usually refers to a program hanging or ending prematurely.
Email bombing is a form of denial of service attack that floods an inbox and mail server with
messages. If enough messages are sent, the systems may be overloaded and they will stop
working. Many Internet service providers (ISPs) regard email bombing as a violation of the
terms of service and they will suspend accounts of people involved in such attacks.
There are several ways to coordinate an email bombing attack. One is to send large numbers
of email directly, often using multiple accounts. Spreading the emails out over many accounts
will also make it harder to pin down the source of the attack, and it will not tip off ISPs that flag
high email volume from a single account. A virus can be written to hijack email accounts held by
other people and use them to bomb the target.
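Since a flood spread over many accounts stays under any per-sender volume limit, detection on the receiving side has to count per recipient instead. The following is an added example, not part of the original notes: it runs a sliding-window counter over a constructed delivery log. The log format, the addresses, the 60-second window and the limit of 30 are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_log():
    """Constructed delivery log: 'ISO-time sender recipient' (format is an assumption)."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # 60 messages in 60 seconds to one mailbox, spread over 20 sender accounts.
    for i in range(60):
        t = start + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} acct{i % 20}@sender.example victim@corp.example")
    # Normal traffic: one sender, one message a minute to another mailbox.
    for i in range(5):
        t = start + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} news@list.example staff@corp.example")
    return sorted(lines)

def flood_alerts(lines, window=timedelta(seconds=60), limit=30):
    """Return {recipient: (peak count in window, distinct senders)} for floods."""
    recent = defaultdict(deque)      # recipient -> timestamps inside the window
    senders = defaultdict(set)       # recipient -> sender accounts seen
    peak = defaultdict(int)
    for line in lines:
        stamp, sender, rcpt = line.split()
        now = datetime.fromisoformat(stamp)
        q = recent[rcpt]
        q.append(now)
        while now - q[0] >= window:  # drop entries older than the window
            q.popleft()
        senders[rcpt].add(sender)
        peak[rcpt] = max(peak[rcpt], len(q))
    return {r: (peak[r], len(senders[r])) for r in peak if peak[r] > limit}

def max_per_sender(lines):
    """Highest message count from any single sender account."""
    counts = defaultdict(int)
    for line in lines:
        counts[line.split()[1]] += 1
    return max(counts.values())
```

On this log no single sender account exceeds five messages, yet the per-recipient counter reports 60 messages from 20 accounts inside one window.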