E-mail related crimes

Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals.

Some of the major email related crimes are:

1. Email spoofing

2. Sending malicious codes through email

3. Email bombing

4. Sending threatening emails

5. Defamatory emails

6. Email frauds

Email spoofing

A spoofed email is one that appears to originate from one source but has actually emerged from another source. Falsifying the name and / or email address of the originator of the email usually does email spoofing. usually to send an email the sender has to enter the following information:

i. email address of the receiver of the email

ii. email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy)

iii. email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy)

iv. Subject of the message (a short title / description of the message)

v. Message

Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email.

Consider Mr. Siddharth whose email address is siddharth@hotmail.com. His friend Golu's email address is golu@yahoo.com. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu's email account. All he has to do is enter golu@yahoo.com in the space provided for sender's email address. Golu's friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly download them.

Spreading Trojans, viruses and worms

Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from Compose From To CC BCC Subject

Message

information@mcaffee.com (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!

Email bombing

Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic - depending upon the mailing list. Some generate only a few messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email aaddress of the victim multiple times in the "To" field, and press the "Send" button many times. Writing the email address 25 times and pressing the "Send" button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which makes it very difficult, for the victim to protect himself.

Threatening emails

Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail.

In a recent case, Poorva received an e-mail message from someone who called him or herself 'your friend'. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10, 000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé she told him the truth. Together they approached the police. Investigation turned up the culprit - Poorva's supposed friend who wanted that Poorva and her fiancé should break up so that she would get her chance with him.

Defamatory emails

As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.

Email Frauds

Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria.

In another famous case, one Mr. Rao sent himself spoofed e-mails, which were upposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced n it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines.

The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!