Tips, How-to's & Life Hacks

Ethical E-Mail Hacking – Reply To Address

The stream of articles under Ethical E-mail Hacking covers the ideas of hacking a mail. To readers clarification e-mail hacking is different from ’email account’ hacking. Here we hacking e-mails not mail accounts. In order to find the e-mail spoofs, forgery and other modern attacks. we need to know some basics of email and it is better to know how to hack an e-mail to avoid hacking and being victimized by hackers.

[sniplet postads]

We use webmail like gmail, yahoo mail, rediff anything, you name it or else we use mail clients like outlook, thunderbird etc to send and receive e-mails. “Reply-to” is the option which is almost absent in the APIs of today’s email clients. Usually to send a email we need a from address, and we need to enter one or more ‘to address’, subject, body. Like BCC, CC, we almost lost the option of specifying ‘reply-to’ address in our e-mails.

http://en.wikipedia.org/wiki/File:SPOOFED-EMAIL.jpg

Before continuing, open the above image in a new browser tab. You can find ‘Reply To’ text box where we can provide another e-mail id other than the sending id even if it is not belongs to the mail server and even in sometimes the email id may not exists.If this column is filled with some other person’s email id. When your e-mail arrives to the inbox of recipient, it will appear to the have been sent from another person whose mail id is specified in the ‘reply-to’ address field.

[sniplet postads]

Scenario 1:

A mail is sent by a fraud from fraud@fraudwebsite.com with ‘reply to’ address no-reply@brandedinstitution.com (eg: no-reply@paypal.com, accounts@citibank.com). with a deceiving subject and body with a link to hoax website which collects your information. When this mail arrives, it seems the mail was sent from no-reply@brandedinstitution.com because it was in the reply to column and the id fraud@fraudwebsite.com is almost hided. You now clicking the link provided in the spoof mail and entering the data like password, username in the hoax website.

In this scenario 1 you have been victimized by a simple reply-to data modification because it is shown clearly and original mail id is hided. By the instance of seeing the reply-to mail id, you are now made to believe that the email is from the legitimate source, but it is not. So whenever you receive a mail don’t forget to check the from address, instead of checking the reply-to address before clicking any links in that e-mail.

[sniplet postads]

Note: In gmail and yahoo, there is an option called “show details” on the top of the mail which shows the reply to and sender email id s separately.

[code]

Message-ID: <20050329231145.62086.mail@mail.emailprovider.com>
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 29 Mar 2005 15:11:45 PST
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: fraudid@emailprovider.com
Reply-To: no-reply@alvistor.com
Subject: Managing Account Information
To: Mr You

[/code]

Here the fraud is sending this mail with subject “Managing Account Information” from “fraudid@emailprovider.com” through “mail.emailprovider.com” via HTTP, but the reply to address has “no-reply@alvistor.com” so the mail seems to be from alvistor.com. This is the place where you are being cheated by the fraud.

What We Learned: It is easy to spoof a mail with reply to address, and an email with a from mail id (over written by reply-to mail id) is need not to be the original sender’s mail id. So any one can pretend to be another person while sending email to you.

Interaction improves learning. Leave your thoughts here...