The article on WashingtonPost.com, Set a Hacker Alarm on Your Web Mail Box, outlines a potential problem with webmail accounts and proposes a ‘clever’ solution.
The problem they report is that hackers can break in to your webmail account and read your emails, harvesting sensitive information that allows them to easily relieve you of your money. Now, I’m sure this can and does happen; however, the solution proposed is far from effective.
In summary, the solution proposed is to insert a honeypot email in your inbox that contains an attachment which, when clicked, opens a web page containing a stat counter. The idea, of course, is that as long as you don’t click the baited attachment yourself, any hits on the page will indicate someone else is looking at your mail.
On the clever scale this rates just above zero!
- Hackers taught the security community and (to a lesser degree) the general user community not to click on random links. Hackers invented phishing. Only the most stupid hacker is going to fall for this trick.
- If a hacker does have access to your mailbox and s/he wants to read an attachment they won’t launch it in a browser. Far more likely they’ll open it in Notepad and read the ‘contents’ of the file, thus rendering the HTML-based stat-counter absolutely useless.
- Using ‘tempting’ file names such as BankPasswords and Account Log-ins is not going to fool a real hacker – more likely it’ll act as a big red flag to them.
- And if you find out your email has been snooped, what are you going to do about it? Chances are the damage has been done and any reactive action you take could have probably been done in advance to prevent the attack from happening in the first place.
Clever? No.
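The honeypot attachment and the second objection above, as an added sketch (not code from this post or from the Washington Post article). It assumes the bait page embeds its counter as an image on a placeholder host, counter.example; the token, log lines and IP addresses are constructed.

```python
import re
from html.parser import HTMLParser

COUNTER_BASE = "https://counter.example/hit"  # assumed placeholder counter host
TOKEN = "c0ffee1234"  # constructed; a real token would be random per bait file

def make_bait(token):
    """HTML attachment whose only 'alarm' is an image a renderer must fetch."""
    return ("<html><body><h1>Account log-ins</h1>"
            f'<img src="{COUNTER_BASE}/{token}.gif" width="1" height="1" alt="">'
            "</body></html>")

class _Resources(HTMLParser):
    """Collects the URLs a browser would request while rendering the page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in ("img", "script", "iframe"):
            self.urls += [v for k, v in attrs if k == "src" and v]

def requests_made(html, viewer):
    """A browser fetches embedded resources; a text editor fetches nothing."""
    if viewer != "browser":
        return []
    parser = _Resources()
    parser.feed(html)
    return parser.urls

# Common Log Format: ip ident user [timestamp] "GET path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" (\d{3})')

def token_hits(log_lines, token, owner_ips=()):
    """Return (ip, timestamp) for counter hits not made by the mailbox owner."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == f"/hit/{token}.gif" and m.group(1) not in owner_ips:
            hits.append((m.group(1), m.group(2)))
    return hits

SAMPLE_LOG = [  # constructed counter-host access log (documentation IP ranges)
    '192.0.2.10 - - [12/Mar/2010:09:14:02 +0000] "GET /hit/c0ffee1234.gif HTTP/1.1" 200 43',
    '203.0.113.77 - - [12/Mar/2010:23:41:55 +0000] "GET /hit/c0ffee1234.gif HTTP/1.1" 200 43',
    '203.0.113.77 - - [12/Mar/2010:23:42:10 +0000] "GET /hit/deadbeef.gif HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    bait = make_bait(TOKEN)
    print("browser fetches:", requests_made(bait, "browser"))
    print("notepad fetches:", requests_made(bait, "notepad"))
    print("foreign hits:", token_hits(SAMPLE_LOG, TOKEN, owner_ips={"192.0.2.10"}))
```

The counter only records a hit when something renders the HTML, so a bait file read as plain text leaves the log silent.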
If you want to be really clever and prevent hackers from reading sensitive information in your webmail, there are only three things you need to do.
- Make sure your machine is clean (virus-free, spyware-free, and botnet-free)
- Change your webmail password regularly
- Don’t store sensitive information in your webmail
Follow these three steps and you won’t have to worry about setting traps for hackers.
PS. Using Mac OS X will greatly enhance your chances of achieving recommendation 1 – by a long chalk, as they say!