ALL >> Computers >> View Article
Tracking And Detecting Valid Mailboxes Through Html Emails
Back in the days when Windows 98 was the latest Microsoft operating system, HTML email messages accounted for a large number of infected Windows-based systems. Surprisingly, things have not changed much nowadays either. Accepting and displaying HTML email messages still pose a great deal of threats for email users, regardless of what operating system they are using, or if the latter is actually immune to an attack based on vulnerabilities of other systems.
To illustrate, here are some of the possible threats posed by the use of HMTL messages; including, but not limited to virus or other malware infections, which still account for a high degree of risk.
Threats posed by the use of html emails
Based on HTML email, a malicious person is able to perform different scams and phishing attacks. These types of attacks consist in fooling the targeted email address user into giving out personal information such as: name, address, email address, personal bank account information. Such attacks involve impersonating a legitimate website to which the user may have previously registered and created an account.
Some ...
... scammers may go as far as impersonating banks or other financial institutions such as PayPal, in order to obtain credit card information or other personal details that can later be used to purchase goods, or even to empty a bank account. Many bank account frauds are made this way. As a countermeasure, if HTML emails are filtered at server level in a way that causes only text to be displayed such fraud attempts can be blocked and prevented.
Email clients have different approaches to HTML email. Mozilla Thunderbird, for example, does not display HTML content by default, as opposed to Outlook Express which displays HTML content by default. This does not mean that scams cannot be performed using simple text as well, but the probability for someone to believe a text message is lower in comparison to seeing an exact replica of their bank's website requesting their personal details.
As compared to these attempts some of our peers make with the purpose to scam people for their personal information, viruses and worms do not use the same techniques. Their goal may be infecting the operating system, but the infection mechanism may be hidden behind a special offer for a free product, that may actually cost the user a lot more than if they had bought a similar product for real money.
Another commonly encountered threat consists in the simple viewing of a HTML message that can further trigger the delivery of more spam to the user's mailbox.
How is that possible? You may ask. For instance, the spammer sends HTML messages that contain a different image filename link in each of the sent out messages. He also has an association between each image filename link and the email address that the message is sent to. When the message is displayed on the user's computer, if HTML viewing is enabled, the respective image file will be automatically requested from the spammer's server. At this point, the spammer knows that the message has been viewed on a computer and, based on the requested filename and using the association created, he now knows that the respective e-email address is in use. As a result, the spammer has found an active email user that he can convince to buy some of the products he advertises for. Another source of income for the spammer is selling a database of verified addresses, which is even more valuable than a database that contains 3 quarters of bouncing addresses.
This concludes some of the most important scenarios and consequences of using HTML in an email application.
For the original story, please check: http://www.mailradar.com/articles/Security/Tracking-and-detecting-valid-mailboxes-through-HTML-emails-41/page1.html
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






