E-mail is one of the most widely used Internet services today. The services which are generally used in the e-mail Infrastructure are Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3) or Internet Message Access Protocol (IMAP).
The client communicates with e-mail server through Simple Mail Transfer Protocol (SMTP) and retrieves a message from their server based inbox through Post Office Protocol version 3 or Internet Message Access Protocol.
As we know that e-mail is one of the most common delivery methods for virus, worms, Trojan and other malicious code and they also have some additional capabilities like auto-download feature, auto-execute feature has transformed hyperlinks within the content of e-mail and attachment into a serious threat to every system.
The protocol which is used in e-mail infrastructure is not very secure. Because they do not support encryption, they transfer mail in plain text which makes eavesdropping much easier.
E-mail is also vulnerable to spoofing. Spoofing is the mechanism by which attacker sends an e-mail with a victim e-mail id.
Apart from that e-mail itself can be used as an attack. Example- In Denial of Service attack single user sends an unlimited number of messages to a victim inbox which results to destroy their e-mail account completely or does allow to receive any message, this process is also known as e-mail bombing.
There are many vulnerabilities in an e-mail. Here, we are going to explain some common security issues by which your e-mail account may get attacked.
Now it’s time to secure your e-mail account.
There are many ways through which you can secure your e-mail account. Currently, Gmail is using Transport Layer Security (TLS) Encryption.
The important thing to secure your e-mail is to maintain a confidentiality of the message being exchanged. This is possible by the use of security protocol some are: S/MIME, MOSS, PEM and PGP.
1. S/MIME: Secure Multipurpose Internet Mail Extension
To Secure Multipurpose Internet Mail Extension is a security protocol that offers both confidentiality and authentication of e-mail through digital certificate and public key encryption.
2. MOSS: MIME Object Security Service
MIME Object Security Service provides confidentiality, authentication and non-repudiation of e-mail message. Non-repudiation is an important concept which states sender can’t deny that he doesn’t send a message because it provides the guarantee that sender can’t deny it later. MOSS use different algorithms to provide authentication and confidentiality. Some of the algorithms are message digest 2, message digest 5, data encryption standard to provide authentication and confidentiality.
3. PEM: Privacy Enhanced Mail
Privacy Enhanced Mail is a mail encryption mechanism that uses X.509, RSA and DES for authentication, integrity and confidentiality.
4. PGP: Pretty Good Privacy
Pretty Good Privacy uses a variety of encryption algorithms and public-private key cryptography to encrypt e-mail and sends a message in a secure way. The first version uses RSA for encryption but later it offered many other options too.
By using these options, you can eliminate and secure your email against most of the vulnerabilities.
Attachment is also an important source for downloading threats on your system so it is always better to block attachment from an unknown source at the e-mail gateway to secure your email.
In May 2018, the security researchers have found a vulnerability in two popular email encryption protocols.
The vulnerability affects two of the most common email encryption protocols, PGP and S/MIME, an attacker could use the new vulnerability to modify the email, adding malicious HTML code before sending it to the target. When the target opens the new email, the malicious code could be used to send back the plaintext of the email. After that the vulnerability had been patched.
Tips To Secure Your Email Account :
- Do not use your Email on Public Wifi Hotspot. The hackers can use Network Sniffers and your data can be tempered by them. Public Wi-Fi is totally insecure.
- Do not click on any unknown link and attachment in the E-mail- If you get an email from your bank email ID or any other service (like Big offers for you). Do not click right away on that link. The attackers can do Social Engineering to grab your account details. Email attachments are tricky things, you might become a victim of Ransomware.
- Keep strong password with combination of special characters. If you are using the same password for your Internet Banking, then you become more vulnerable to data theft.
- Do not use same password to your other accounts.
- Enable Two-factor authentication (2FA) with Authy.
- Do not share your personal Email ID login information.
- Keep changing your password periodically.
- Do not give your personal information through email. Genuine banks or companies never asks you.
- Use Internet Security instead of Antivirus – It can scan your email attachments to provide best protection against malicious activity.