Data Mining for Obtaining Secure E-Mail Communications


Mª Dolores del Castillo (Instituto de Automática Industrial (CSIC), Spain)
Copyright: © 2009 | Pages: 5
DOI: 10.4018/978-1-60566-010-3.ch070


Introduction

E-mail is now an indispensable communication tool and its use is continually growing. This growth brings with it an increase in the number of electronic threats, which can be classified into five categories according to their inner behavior: viruses, trojans, pharming, spam, and phishing. Viruses, trojans and pharming are attacks on the user's computer, whereas spam and phishing are aimed mainly at the user; that is, these last two threats involve a kind of intellectual attack.

A virus is a small program that replicates itself and inserts copies into other executable code or documents, using e-mails as a means of transport. Trojans cannot replicate themselves; they are used to open a network port, giving other users a means of controlling the infected computer. Other, more dangerous trojans are called spy programs (spyware): they wait until users visit certain websites and then capture all the keys typed and mouse movements and take screenshots to obtain information. Pharming is a technique used to redirect users to illegitimate websites. These three threats, although present in e-mails, can be handled by an antivirus program.

The next two threats, spam and phishing, need e-mail filters to be handled, and this chapter focuses on them. Spam consists of the mass sending of unsolicited commercial e-mail to a large number of recipients. Unlike legitimate commercial e-mail, spam is sent without the explicit permission of the recipients. Spammers obtain e-mail addresses in different ways, such as guessing common names at known domains or searching for addresses in web pages. A report from the Commission of European Communities (“Communication from”, 2004) shows that more than 25 percent of all e-mail currently received is spam. More recent reliable data shows that spam represents 60-80 percent of e-mail volume. Spam is widely recognized as one of the most significant problems facing the Internet today.

Spam has evolved into a new and dangerous form known as ‘phishing’. Phishing differs from spam in that it is generated by a criminal intent on stealing personal data for financial gain (“Spyware”, 2007). Phishing is the term used to describe e-mails that trick recipients into revealing their personal or their company’s confidential information, such as social security and financial account numbers, account passwords and other identity or security information.

According to the Anti-Phishing Working Group (“June Phishing”, 2006), the number of phishing reports increased from 20,109 in May 2006 to 28,571 in June 2006, the most ever recorded. Phishing attacks keep increasing despite the efforts of e-mail filters. Although only 0.001 percent of e-mail sent is responded to, this percentage is enough to yield a return on the investment and keep the phishing industry alive. Further research has estimated that the costs of these phishing attacks on consumers in 2003 ranged from $500 million to an amazing $2.4 billion.

The early phishing attempts consisted of a link to a website that looked like a legitimate website but was in fact illegitimate. The website address usually was not a domain, but simply an IP address, and the e-mails were often very poorly written, with bad grammar and spelling, and little attention to detail. Needless to say, phishing attacks have evolved, with more convincing content, and have become harder to recognize. While a non-professional appearance such as a spelling error, a dubious URL, or a non-secure website is a sure sign of a fraudulent phishing website, the lack of these features can no longer be used as a sure sign of a legitimate site (Green, 2005).

It is hard to find bibliographical information in the scientific and marketing literature about techniques that aim to avoid spam and electronic fraud. This could be due to the nature of these security systems, whose features should not be revealed in public documents for security reasons. This lack of information keeps criminals from improving their attacks, because spammers and phishers simply do not know the methods used to detect and eliminate them. It is also necessary to emphasize that there is little commercial technology available that offers an actual and effective solution for users and businesses.

Spam and phishing filters process e-mail messages and then choose where these messages are to be delivered. These filters can deliver spurious messages to a defined folder in the user’s mailbox or discard them.
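
As an added illustration (not code from the chapter), the sketch below implements a filter of the kind just described for the one early-phishing indicator mentioned above: a link whose host is an IP address rather than a domain. The sample messages are constructed, and the folder names "Suspected-Phishing" and "Inbox" are assumptions.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample messages (not real traffic); hosts use reserved documentation values.
SAMPLE_IP_LINK = """\
From: "Example Bank" <service@bank.example>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Please <a href="http://192.0.2.10/login">sign in</a>.</p></body></html>
"""
SAMPLE_DOMAIN_LINK = SAMPLE_IP_LINK.replace("192.0.2.10", "www.bank.example")


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def ip_literal_links(raw_message):
    """Return the links whose host is an IP address instead of a domain name."""
    msg = message_from_string(raw_message)
    flagged = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
        for href in collector.hrefs:
            try:
                ipaddress.ip_address(urlsplit(href).hostname or "")
            except ValueError:
                continue  # malformed URL or an ordinary domain name
            flagged.append(href)
    return flagged


def deliver(raw_message):
    """Pick a folder; 'Inbox' means no indicator was found, not that the mail is legitimate."""
    return "Suspected-Phishing" if ip_literal_links(raw_message) else "Inbox"
```

The second sample shows the limitation noted above: a message that links to a domain name passes this check whether or not the site is legitimate.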
