How safe are you from email hijacking?

Once you own an iPad, hold a debit or Visa card and use mobile banking, you are engaged in plenty of online transactions. Yes, you are trendy, but are you secure? With the dawn of cloud services, the most intimate details of our lives are held on remote servers behind a single account. Storing important information this way is convenient, but it also presents a lucrative monetization vector for miscreants. Criminals leverage millions of hijacked credentials to send spam emails and links to the social connections of victims in order to compromise additional accounts, or alternatively liquidate a victim's financial assets using malware such as Zeus or keyloggers. Even big names like Sony Pictures and the US government have fallen prey to hijackers. That is why cybercrime is such a big challenge. No one is safe. You have probably not been hacked yet only because nobody is interested in you for now.

Using phishing emails received by Gmail, researchers assembled what can be termed an enlightening account of how email hijackings occur and how they can destroy your life in seconds. The researchers concentrated on manual hijacking, a rare but more damaging practice.

Unlike most of us, who are ordinary internet users, email hijackers are people with the adaptability, intelligence and knowledge the job demands. They have above-average technical ability plus additional knowledge of IP cloaking services and browser plug-ins. Some of these terms may be new to you even though you use the internet every day.

The process of email hijacking begins with acquiring the victim's credentials, also termed reconnaissance or footprinting: researching the target to understand the key contacts, who is who, what kind of data they have and where they keep it, and the kind of technology in use, among other things. Many of the tools used for this are freely available on the Internet. According to the researchers, phishing (by email and website) is the attack vector of choice for manual hijackers because it requires less infrastructure.

With email-based phishing, the attackers send emails that pretend to come from a legitimate source. The email requests user credentials under a false pretext such as looming account deactivation.

Once logged into your account, the criminals spend considerable time profiling the account and maximizing the profit or damage they can extract from it. From a single credential they can extract and heavily abuse your information, making the attack highly upsetting to the victim; this makes such attacks very damaging and marks them as an enduring threat to internet users.

With website phishing, the attackers impersonate well-known site login pages in order to trick unwary users into submitting their login credentials. Phishing focuses on acquiring email and financial institution credentials.

Entitled Handcrafted Fraud and Extortion: Manual Hijacking in the Wild, the study revealed that the phishing culprits request target victims' email and banking account credentials as well as their app store and social networking credentials.

Once the criminals get access to a victim's login credentials, they use a multitude of monetization vectors. They are good at taking advantage of human psychology and follow a playbook: access the account, assess its value, exploit it and make every effort to delay account recovery in order to prolong the successful exploitation.

Once logged in, the criminals search through the victim's email history for banking details or messages that the victim previously flagged as important. They also scan the victim's email contacts, who are then either solicited for funds or targeted with a salvo of targeted phishing emails.

The criminals also place emphasis on the Gmail search feature. They open folders of special significance such as Starred, Drafts, Sent Mail and Trash, in that order. They also take a closer look at the victim's contacts to estimate the number of potential scam and phishing victims.

As they do all this, the attackers are mainly looking for financial data (financial status and images of signatures to be used for future impersonation), linked account credentials (e.g. usernames and passwords for the victim's other accounts) and personal material that might be sold or used for blackmail, e.g. adult pictures.

To avoid detection, hijackers follow well-known guidelines. For example, they change the recovery phone number and secret question and, at worst, delete the user's contacts. The study found that criminals have the correct password for an account 75 per cent of the time.

The most popular tactic while victims are locked out of their account, and for delaying their recovery, is redirecting future communications from the plea recipients to a “doppelganger” account. Many times, the hijackers set up email forwarding rules or change the “Reply-To” address.

The doppelganger account helps the hijackers separate their emails from the victim's communications. A common tactic for doing so is to set up an email filter that redirects all hijacker-initiated communication to the Trash or Spam folder.

The doppelganger account more often than not looks convincingly similar from the victim's point of view. The hijackers often use the same provider as the victim's account or introduce a hard-to-detect typo into the username. Other hijackers prefer to host the doppelganger with a different email provider where possible, though not necessarily one with a similar-looking domain name; for example, Johndoe@example.com is a doppelganger account for Johndoe@gmail.com that retains the username but uses a different mail provider.
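As an added example (not code from the article or from the study it summarizes), the check below flags an incoming sender address as a possible doppelganger of a known contact using the two patterns just described: the same username at a different provider, and a username at the same provider that differs only by a small typo. The contact list and addresses are constructed for illustration.

```python
from typing import Optional, Set, Tuple

# Constructed address book of a fictional victim's regular contacts.
KNOWN_CONTACTS: Set[str] = {
    "johndoe@gmail.com",
    "alice.smith@example.org",
    "bob@corp.example",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_address(addr: str) -> Tuple[str, str]:
    """Normalise an address (case, whitespace) and split it into (username, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def doppelganger_of(sender: str, contacts: Set[str] = KNOWN_CONTACTS,
                    max_typo: int = 2) -> Optional[Tuple[str, str]]:
    """Return (known_contact, reason) if `sender` resembles a known contact
    without being one, or None if it is an exact match or unrelated.

    Pattern 1: same username, different mail provider (johndoe@example.com
    vs johndoe@gmail.com).  Pattern 2: same provider, username within
    `max_typo` edits of a known contact (alice.smtih vs alice.smith).
    """
    s_local, s_domain = split_address(sender)
    if f"{s_local}@{s_domain}" in contacts:
        return None  # a genuine, known correspondent
    for known in sorted(contacts):  # sorted so results are deterministic
        k_local, k_domain = split_address(known)
        if s_local == k_local and s_domain != k_domain:
            return known, "same username, different mail provider"
        if s_domain == k_domain and levenshtein(s_local, k_local) <= max_typo:
            return known, "username differs by a small typo"
    return None  # unrelated address, not a look-alike


if __name__ == "__main__":
    for addr in ("johndoe@gmail.com", "johndoe@example.com", "alice.smtih@example.org"):
        print(addr, "->", doppelganger_of(addr))
```

The typo threshold is a trade-off: with max_typo=2, very short usernames such as bob and rob are also flagged, so tighten the threshold or require a minimum username length before applying the second rule.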

A typical scam scheme consists of an email describing a reasonably credible story of how the account owner got into a difficult situation and pleading for financial assistance to get out of it. The scams are semi-personalized, e.g. they take into account the victim's gender and location, appeal to human emotions and systematically exploit known psychological principles to increase their success rate.

The attackers leverage the sometimes lenient and trusting treatment that automated mail classifiers and humans give to emails originating from a person's regular contacts. The scam schemes often share the same set of principles:

They craft a story with credible details that limit the recipient's suspicion. They use words or phrases that induce sympathy and aim to convince, e.g. apologizing and providing distracting details such as “the thief poked my neck with a knife for almost two minutes”. They also present the plea recipient with an appearance of limited financial risk, as the financial requests are typically requests for a loan with solid promises of swift repayment. Finally, they use language that discourages the plea recipient from trying to verify the story by contacting the victim through another means of communication, often by claiming that the victim's phone was stolen.
