Fake e-mails are a part of everyday life on the Internet. Perpetrators often employ sophisticated social engineering techniques to trick people into revealing personal data, banking details and passwords.These tricks are regularly used by scammers to deceive victims in order to get them to send money or sensitive information.Fraudsters can create e-mails that appear to come from any address they want in a few minutes, using common e-mail software applications, said Bevil Wooding, an Internet Strategist with US-based Packet Clearing House.
Incidents of e-mail fraud often have an international dimension because e-mail servers can be located in various parts of the world and are therefore beyond the jurisdiction of local law enforcement."Fake e-mails are surprisingly easy to create, if you know the tricks. Fortunately, they are also possible to spot, if you know what to look for," Wooding said.The way to expose whether an e-mail message is fake or real, he said, is to obtain an electronic copy of the e-mail and examine the headers associated with it.Headers outline details such as where the message originated, who sent it, the software programme used to compose it, and the e-mail servers on the Internet that it passed through on its way to the recipient.
The header will also reveal the real e-mail account and IP addresses used to send the message."However, tracing the source can be challenging if multiple jurisdictions are involved and if the owners of the e-mail servers involved are unco-operative. This is why e-mail traces typically involve court orders, police investigations and professional forensic audits of the electronic trail."
"To fake an e-mail is not hard," said Ronald Hinds, CEO of Teleios Systems, a Trinidad-based technology company, "but to fake it properly so that it's not going to get caught is hard. I can easily make an account that says 'whistleblower@tt-parliament.org,' on the 'From' field for example, but it doesn't mean when you reply that it's going to go back to that address, and it doesn't mean it's from that address...Unless you look at the e-mail header information to see it's actually coming from a different account and an unusual IP address, you wouldn't know."
Ways To Fake E-mails
The Caribbean Network Operators Group (CaribNOG) lists several methods fraudsters use to send fake e-mails:
1. Spoof the content of an e-mail to claim that it came from someone else. This is relatively trivial since the sender can use any standard e-mail client to set the headers and body of any e-mail which is sent.
2. Hack into an online e-mail account service or access an unlocked or compromised computer, or a hacked online account, and send an e-mail as another user. In this case, the scammer must get the details and the tone of the message right so that it doesn't appear out of character. This sort of forgery can be hard to detect.
3. Hack into a mail server and add an unauthorised message into the mail queue. This approach can be done to either inbound or outbound queue, allowing an intruder to cause mail to leave your Outbox, or enter your Inbox. This sort of forgery can also be tough to spot.
4. Create and print a document that looks like an e-mail, though it never was, and leave that document as misinformation to be found and acted upon. Of course, e-mails constructed this way will not match up to any legitimate e-mails found on servers or computer logs. If a proper forensic audit is done, this type of fraud is generally easily exposed.
Gerard Best is New Media Editor at Guardian Media Limited.