This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
E-mail client, also known as Mail User Agent (MUA), is a value-added service for standard e-mail systems which used to manage a users e-mail. E-mail client intended recipient to gets the mail content if and only if the mail originator receives non-repudiation evidence that the message has been received by the recipient. Its called a client because e-mail systems are based on client-server architecture. Mail is sent from many clients to a central server, which re-routes the mail to its intended destination.
Currently, there are many popular e-mail clients include Microsoft Outlook, Mozilla's Thunderbird, Pegasus Mail, and Apple Inc.'s Mail.
However, e-mail messages are not protected as they move across the internet. Information transmitted via mail is valuable and sensitive such that high effective protection mechanisms are preferable in order to prevent information from being manipulated or to protect confidential information from being fraud by unauthorized parties. Nowadays, spam or junk e-mails are also increasingly appeared in the mail box from the commercial purposed web site. Besides, phishing attacks in e-mail have increase with the popularity of using e-mail in different networks, including the internet and mobile networks.
In this information and communication technology age, personal, enterprise, and governmental communications via e-mails become more widespread. The main reason of using e-mails is probably because they are convenient and time saving. Individual privacies, commercial secrets, even country's intelligence information are being delivered through e-mails and thus contents in e-mails are more valuable than ever. Therefore, the security of e-mails has raised more concerns.
Phishing is a form of online fraud techniques used by criminals to steal sensitive information such as online banking password and credit card information from users. A common phishing practice uses spoofed messages that are disguised to look like they are from well-known company or web site, such as bank, Credit Card Company, charity, or e-commerce online shopping site. The term phishing originates from the analog that internet criminals use email baits to fish for passwords and financial data from a sea of unaware consumers .
Phishing often seems an intractable problem, because phishers go to such lengths to hide their tracks by staging attacks through multiple countries and legal regimes. Phisher will masquerade as a trustworthy person in e-mail communication and phishing by carried out e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Over the past few years we have seen an increase in phishing attacks which is a type of semantic attack in which victims are sent e-mails that deceive them into providing account numbers, passwords, or other personal information to an attacker. Typical phishing e-mails falsely claim to be from a reputable business where victims might have an account.
Nevertheless, e-mail remains the most favorable vehicle for phishing. The abundance of of-the-shelf bulk mailing tools simplifies the job of phishers and help in delivering a huge number of e-mails to a large number of victims. As of July 2010, many people receive e-mails that claiming to be fro Wikipedia and they may link to harmful websites and expose users to spam. Link that appears in the mails constitute an attempt at phishing by unknown parties. Therefore, phishing is one of the security issues that need to be concern.
Security In E-Mail
Over the past couple old decades, e-mail has become one of the world's leading communications mediums, perhaps even outpacing the telephone and traditional mail service. Unfortunately, e-mail has proven itself to be highly vulnerable to outside influences including individuals and organizations that seek to cause some form of technologies damage or hope to make money in an illegal fashion. As a result, security has become an increasingly important issue for all e-mail users.
Although email security is often viewed as a single issue, it is actually a conglomeration of several different threats that work individually to damage computers and defraud recipients, as well as to undermine the effectiveness, reliability and trust of email systems. Email threats can be divided into several distinct categories:
Viruses, Worms and Trojan Horses: Delivered as email attachments, destructive code can devastate a host system's data, turn computers into remote control slaves known as botnets and cause recipients to lose serious money. Trojan horse keyloggers, for example, can surreptitiously record system activities, giving unauthorized external parties access to corporate bank accounts, internal business Web sites and other private resources.
Phishing: According to the Anti-Phishing Working Group - a trade organization that consists of financial organizations, software publishers and other concerned parties - phishing attacks utilize social engineering to steal consumers' personal and financial data. The attacks rely on "spoofed" emails that direct recipients to bogus Web sites that are designed to trick them into revealing confidential financial data such as credit-card numbers, account usernames, passwords and Social Security numbers. Phishing perpetrators typically operate by hiding under phony identities that they have stolen from banks, online merchants and credit-card companies.
Spam: Although not an overt threat like a virus-infected attachment, junk email can quickly overwhelm an inbox, making it difficult or even impossible for its owner to view legitimate messages. The spam problem has gotten so bad that it is commonplace for users to abandon email accounts that are overrun with spam rather than try to fight the problem. Spam is also the delivery medium of choice for both phishers and virus attackers. So just how bad is the problem in terms of numbers? Tens of billions of spam messages are sent every day.
Protecting email users and their systems from attackers is a 24/7 job that requires the use of multiple security tools:
Client Security: Virtually all major email clients now offer security settings, anti-spam tools, phishing filters and other features that are designed to snare and isolate dangerous messages before they can inflict harm. Email users should investigate all of these features and use them as their first line of defense.
Firewall: A firewall can bolster email security by filtering out malware-laden attachments and other types of unwanted material that don't meet pre-configured rules.
Encryption: Rendering messages indecipherable to unauthorized recipients is a popular way of protecting outbound emails. Encryption software isn't perfect, however, since even the best products consume both processor speed and storage space. Users can also lose or forget passwords. Encryption can be handled by the firewall or additional software.
Anti-Virus Tools: Leading anti-virus products and services generally do a good job of spotting and removing viruses, worms and Trojan horses from incoming email messages.
Spam Filters: A good spam filter can differentiate between legitimate email and spam, freeing a user's inbox from mounds of digital debris. A drawback to this technology is that a poor spam filter, or one that has not been properly tuned, will remove a certain number of legitimate emails from a user's view while letting some spam pass through untouched. Improved spam-recognition technologies are making spam filters more accurate - most vendors now promise 99 percent-plus accuracy rates - but even the best spam filter will incorrectly categorize at least some emails.
Education: One primary email-defense tool is education. Users who are aware of email threats are less likely to open potentially virus-infected attachments, click phishing links or perform other risky actions.
According to Anti-Phishing Working Group , the United States continued its position as the top country hosting phishing sites during the first quarter of 2010. According to a study by Gartner, 57 million US Internet users have identified the receipt of e-mail linked to phishing scams and about 2 million of them are estimated to have been tricked into giving away sensitive information. Phishing attacks are increasing despite of the use of e-mail filters such as Anti-phishing and hence it is enough to provide a return on investment and keep the phishing industry alive .
Some examples of phishing schemes include:
Fake e-mail messages - the inbox message appears to be from a company that you do business with and warning you that they need to verify your account information.
A combination of auction fraud and phony escrow sites - this occurs when items are put up for sale at legitimate online auction to lure user into making payments to a fake escrow site.
Fake charities - a phishing scheme poses as a charity and asks for direct monetary donations.
Fake web sites - the web sites can be made to look similar to legitimate sites. When you inadvertently visit them, the sites can automatically download malicious software such as virus or spyware.
Human mistakes - a user intends to enter the URL https://www.amazon.com as the URL but he enters the wrong URL https://www.anazon.com by mistake.
Pharming attacks - for the convenience of its users, the web site https://www.amazon.com allows its users to call the web site using alternative insecure URL http://www.amazon.com. Now, the DNS of a user can be manipulated so that when the user uses this insecure URL to request the web site, the user's DNS directs the request to an adversarial web site that redirects the user's browser to the wrong web site https://www.anazon.com.
The main objective for this project is to provide a secure protection for e-mail client in send and receive email via the SMTP protocol. The specific objectives of this project that to be accomplished are as following:
Provide a revolutionary spam detection system that inspects every message for hundreds of thousands of threat attributes gleaned from billions of messages.
Learn and design a functional Anti-phishing Add on tool that able to handle and filter phishing attack in e-mail portion.
Study the Add on build environment language and type of e-mail client that need to be enhance to interfacing Anti-phishing feature in e-mail.
Focus on steps for proving security properties and measuring the performance of the Add on Anti-phishing for e-mail client
In this project, scopes that will be focused are shown as below:
Security in e-mail: Anti-Phishing and Anti-Spam
In anti-phishing feature, there are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. To employ the anti-phishing, first have to understand the phishing cycle which will be discuss in detail at literature review part of this thesis.
To prevent e-mail spam, both end users and administrators of e-mail systems use various anti-spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators. No one technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate e-mail vs. not rejecting all spam, and the associated costs in time and effort.
Anti-spam techniques can be broken into four broad categories: those that require actions by individuals, those that can be automated by e-mail administrators, those that can be automated by e-mail senders and those employed by researchers and law enforcement officials.
The project will be focused on e-mail client such as Microsoft Office Outlook. By adding the anti-phishing and anti-spam feature in e-mail client, the incoming e-mails will be classifying into two categories which is either legitimate or fraudulent. Generally a rule will generate and fall into the following categories:
Identification and analysis of the login URL in the e-mail
Analysis of the e-mail headers
Analysis across URLs and images in the e-mail
Determining if the URL is accessible or not
This thesis consists of six chapters. Chapter 1 (Introduction) contains the introduction of the e-mail client anti-phishing add on module, the problem statements, which are problem seen in the existing e-mail client that leads to the development of this new secure add on secuirty module in e-mail client. Finally, this chapter touches on the objectives and project scope of this project as well.
Chapter 2 (Literature Review) discusses on the...It also covers the related works done by other people regarding to....
Chapter 3 (Methodology) is a chapter discussing the methodology used to developed this secure add on module. It gives an overview of all the phases in the Software Development Life Cycle (SDLC). The requirement specification, such as user, hardware, and software requirements will also be discussed in Chapter 3.
Chapter 4 (System Design and Implementation) consists of the system design and the implementation of the secure add on module. It gives a more details explanation on how the module is designed and implemented. For instance...
Chapter 5 (Testing Results / Outputs) discusses on the result provided by this secure module. This chapter will show the screenshots of the entire add on plugin to the e-mail client to prove that how this module fulfills the objectives of solving the security issues in the problem statement above. At the end of this chapter, the module limitations will also being discussed.
Finally, Chapter 6 (Summary) discusses on the conclusion based on secure add on module such as its capability. It also discuss a little bit about future works that can be done to enhance the module capability and security.