As email has become an integral part of our daily lives, so has the threat of email interception fraud. Email interception is the practice of monitoring internet traffic to read private messages intended for other people; it is also a method criminals use to steal information such as email usernames and passwords, giving them the ability to take over personal or business email accounts.
Email interception can take place in a number of ways. One common method is for an attacker to gain access to an email server and read or modify the emails stored on that server. Another is for an attacker to intercept emails in transit, between the sender and receiver, using a technique called a man-in-the-middle attack. In this type of attack, the attacker inserts themselves into the communication between the sender and receiver and can then read or modify the messages being exchanged.
Hackers use cleverly disguised phishing and spoofing scams to compromise the passwords of mail accounts. Once the login credentials have been stolen, the attackers create malicious forwarders and filters with the intention of intercepting sensitive emails, particularly messages that contain financial information such as invoices, payment requests and banking details. Threat actors then monitor these mailboxes until an opportunity arises.
An example of this would be an email in which a buyer requests the banking details of a seller. The attacker intercepts these messages and hides them before you are able to see them, typically by creating a filter on your incoming email that sends messages from that address to a trash folder. The attacker then responds to the intercepted email, either from your compromised email account or by spoofing: using another domain while setting your email address as the sender, so that the message appears to come from your account, with the banking details changed. The buyer is unaware of this and makes the payment, effectively transferring the money into the fraudulent bank account.
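As an added illustration (not code from the original article), the following Python audit flags mailbox rules that match the forwarder and filter pattern described above: forwarding to an outside domain, or hiding finance-related mail or mail from a particular sender by deleting it or filing it in a rarely viewed folder. The rule schema, the organisation's domain and all addresses are constructed assumptions.

```python
# Added example: flag mailbox rules matching the interception pattern (external
# auto-forward, or hiding finance/sender-matched mail). Schema is an assumption.
from dataclasses import dataclass, field

# Heuristics: finance words attackers watch for, and folders commonly used to hide mail.
FINANCE_WORDS = {"invoice", "payment", "bank", "deposit", "remittance"}
HIDE_FOLDERS = {"deleted items", "junk email", "trash", "rss feeds", "archive"}

@dataclass
class InboxRule:
    """One mailbox rule. Field names are an assumption, not a real platform's schema."""
    name: str
    forward_to: list = field(default_factory=list)    # addresses mail is forwarded to
    move_to_folder: str = ""                           # destination folder, if any
    delete: bool = False                               # rule deletes the message
    keywords: list = field(default_factory=list)       # subject/body words the rule matches
    from_contains: list = field(default_factory=list)  # sender addresses the rule matches

def external_domain(address: str, own_domain: str) -> bool:
    """True if the address is outside the organisation's own domain."""
    return address.rsplit("@", 1)[-1].lower() != own_domain.lower()

def suspicious_rules(rules, own_domain):
    """Return [(rule name, [reasons])] for rules matching the interception pattern."""
    findings = []
    for r in rules:
        reasons = []
        ext = [a for a in r.forward_to if external_domain(a, own_domain)]
        if ext:
            reasons.append("forwards to external address: " + ", ".join(ext))
        hides = r.delete or r.move_to_folder.lower() in HIDE_FOLDERS
        kw = {k.lower() for k in r.keywords} & FINANCE_WORDS
        if hides and (kw or r.from_contains):
            what = ", ".join(sorted(kw) + r.from_contains)
            reasons.append("hides matching mail (" + what + ")")
        if reasons:
            findings.append((r.name, reasons))
    return findings

# Constructed sample: one benign rule and two matching the pattern described above.
SAMPLE_RULES = [
    InboxRule("Newsletters", move_to_folder="Reading", keywords=["newsletter"]),
    InboxRule("Auto forward", forward_to=["drop@attacker.example"]),
    InboxRule("Clean up", move_to_folder="Deleted Items",
              keywords=["invoice"], from_contains=["buyer@partner.example"]),
]

if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES, "example.com"):
        print(f"[!] rule {name!r}: " + "; ".join(reasons))
```

Run against an export of mailbox rules after a suspected credential compromise, and treat any hit as a reason to review the rule with the mailbox owner.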
Email payment fraud occurs when a fraudster gains access to the email communications between a client and a company, typically by placing malware on a computer. The malware lies dormant until it recognises specific keywords relating to a request for funds or a deposit payment. At this point the attackers contact the client, posing as the solicitor, claim that the company's bank details have changed, and request that the funds be transferred to the ‘new account.’
Attackers also play the long game, analysing the emails while building up a timeline of the conveyancing activity. About three months into the transaction, they contact the client by email and request the deposit. Since the emails have been intercepted for months by this point, the attackers know the firm's template and can produce an authentic-looking email. Once the payment has been received, the fraudsters quickly withdraw the money and send it overseas.
To prevent email interception fraud, companies must recognise the importance of having safeguards in place to protect against unauthorised access to corporate email accounts. However, there is more that can be done at an individual level to minimise the risk. Tips for minimising risk include using a different password for each email account relating to the domain, regularly changing passwords, and enabling two-factor authentication.
Another way to prevent email interception is by deploying and enforcing Domain Name System Security Extensions (DNSSEC), which can render DNS hijacking obsolete by requiring DNS records to be signed with the domain owner’s private key. This guarantees that an attacker cannot send a spoofed DNS record to the client, because they cannot forge the signature. This in turn protects the protocols that rely on DNS, such as Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP), against those attacks.