
Frequently Asked Questions

Question:

How many and what kind of attacks can be carried out via Email?

Answer:

Email Security:

There are four types of attacks on system security that can be carried out via electronic mail, plus a fifth that targets the user's privacy:

  • Active Content attacks, which take advantage of various active HTML and scripting features and bugs.
  • Buffer Overflow attacks, where the attacker sends something that is too large to fit into a fixed-size memory buffer in the email client, in the hopes that the part that doesn't fit will overwrite critical information rather than being safely discarded.
  • Trojan Horse attacks, where an executable program or macro-language script that grants access, causes damage, self-propagates or does other unwelcome things is mailed to the victim as a file attachment labeled as something innocuous, such as a greeting card or screen saver, or hidden in something the victim is expecting, such as a spreadsheet or document.  This is also called a Social Engineering attack, where the goal of the attack is to convince the victim to open the message attachment.
  • Shell Script attacks, where a fragment of a Unix shell script is included in the message headers in the hopes that an improperly-configured Unix mail client will execute the commands.
  • Another attack on the user's privacy, but not on system security, is the use of so-called Web Bugs (spyware) that can notify a tracking site when and where a given email message is read.
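
A mail-gateway triage check covering the five classes listed above, added here as an example and not part of the original FAQ. The thresholds, patterns, label names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Thresholds and patterns are assumptions chosen for this example.
MAX_HEADER_LEN = 998  # RFC 5322 maximum line length, used here as the size threshold
ADDRESS_HEADERS = {"from", "to", "cc", "reply-to", "sender", "return-path"}
RISKY_EXT = (".exe", ".scr", ".vbs", ".js", ".bat", ".com", ".pif")
SHELL_META = re.compile(r"[`|]|\$\(")
ACTIVE_HTML = re.compile(r"<\s*(script|object|embed|iframe|applet)\b", re.I)
REMOTE_IMG = re.compile(r"<\s*img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)

def triage(raw):
    """Return sorted finding labels for one raw message (one label per attack class)."""
    msg = message_from_string(raw)
    findings = set()
    for name, value in msg.items():
        if len(value) > MAX_HEADER_LEN:            # buffer overflow class
            findings.add("oversized-header")
        if name.lower() in ADDRESS_HEADERS and SHELL_META.search(value):
            findings.add("shell-metachar-in-header")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            findings.add("executable-attachment")  # Trojan horse class
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            if ACTIVE_HTML.search(html):           # active content class
                findings.add("active-content")
            if REMOTE_IMG.search(html):            # web bug class
                findings.add("remote-image")
    return sorted(findings)

# Constructed sample message; every address, host and filename is made up.
SAMPLE = (
    "From: sender@example.com\n"
    "Reply-To: a`id`@example.invalid\n"
    "X-Note: " + "A" * 2000 + "\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/html; charset=utf-8\n\n"
    '<p>Hi</p><script>void 0</script><img src="http://tracker.example/p.gif">\n'
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="greeting-card.scr"\n\n'
    "placeholder\n--b1--\n"
)
CLEAN = "From: a@example.com\nSubject: hello\n\nplain text only\n"

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(CLEAN))
```

The labels are triage hints for quarantine or review, not verdicts: a remote image or a long header also occurs in legitimate mail.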