Email Identity Theft Scams

Identity theft can take many different forms, some more noticeable than others. Occasionally we run into someone who had to shut down their website or create a whole new email address because an identity thief managed to compromise their website or email account. You may, yourself, receive a bounced message indicating that spam was sent with your email address in the “From:” field.

Why and how are email addresses forged?

The main reason spam is sent using someone else’s email address is to avoid accountability. A spammer using a stolen email identity wants the complaints to land somewhere else, especially complaints that would otherwise reach the spammer’s Internet Service Provider (ISP) and could get the spammer’s Internet service cut off. It is an unfortunate fact that forging email addresses is easy and happens all the time: SMTP does not verify the “From:” header, so a sender can put any address there, and no compromise of the victim’s account is required.
</gram_replace>
<gr_replace lines="9" cat="clarify" orig="An email address can be forged">
Viruses and worms are another common source of forged addresses. When a PC is infected, its email address book is harvested, and the addresses in it are used as the “From:” addresses of the spam and malware the infected machine sends. This gives the spammer two advantages. First, it obscures the real source of the infected mail. Second, the mail appears to come from a trusted source, which raises the odds that the recipient opens the infected attachment and multiplies the infections.

An email address can be forged using viruses and worms. A PC that has been infected will have its email address book compromised. The addresses in the book will then be used as the “From:” addresses in the spam messages. For the spammer, this provides two advantages. The first is that it can obscure the real source of the infected mail. The second advantage has to do with the fact that the email can appear to come from a trusted source. This will increase the chances that the recipient will open the infected attachment, thereby multiplying the virus infections.

The difficulty is that people usually need to remain visible online. A company, for example, cannot hide and reveal its email address only to a trusted few; vendors and clients need to be contacted. But a company can put certain precautions in place and know what to do should its email identity be used for unauthorized purposes.

Before the email identity theft

One of the things that can be devastating to someone who needs to keep their website running is a shutdown by their web hosting company. Web hosting companies are notorious for immediate shutdowns that can take a while to appeal. You can avoid this pitfall by using a DNS and domain registrar service that is not connected to your web hosting service. You can always change web hosts quickly if you get locked out; that is not true of your DNS and your domain registration. When you use unrelated companies (perhaps even in different jurisdictions), you make it much harder for any single company to cut you off from the Internet. Ironically, you will be using the same techniques that spammers use, only you will be using them to protect yourself legitimately.

Another suggested precaution against being shut down because of identity theft is keeping an up-to-date backup of your server files on a completely different server. This way, if your web hosting company fails you for any reason, a quick switch can be made. This is a good precaution for anyone who can afford such a setup. Your DNS records should also have short TTL (“time to live”) values. Resolvers cache DNS answers for the TTL, so a short TTL means that if your hosting account is disabled and you point the records at the backup server, visitors are directed there within minutes rather than hours or days.

Also, avoid hosting plans that put you on a shared IP address. If another customer on the same address is blocked or blocklisted, you may be blocked as well, because reputation systems often track the IP rather than the domain. (Older advice also said that a dedicated IP address was required to run HTTPS rather than plain HTTP; with TLS Server Name Indication, supported by all current browsers, that is no longer true, but the reputation argument still stands.)

You can also publish a Sender Policy Framework (SPF) record in your DNS zone (provided you have sufficient admin rights). An SPF record lists the hosts that are permitted to send email on your organization’s behalf, so a receiving mail server can check whether the connecting server is one of them and reject or flag forged messages. This goes a long way toward eliminating forged emails, provided the record ends in a strict “-all” rather than the permissive “~all” or “?all”.
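To make the SPF check concrete, here is an added example (not code from the original article) that evaluates a constructed SPF record against candidate sender IPs the way a receiving mail server does. The record, the hosts and the IP addresses are assumptions for illustration; only the ip4, ip6 and all mechanisms are implemented, because include, a, mx and redirect= require live DNS lookups and this example runs offline.

```python
"""Minimal offline SPF evaluator (RFC 7208 subset: ip4, ip6, all).

Added example. The record below is constructed for illustration; in practice
it would be published as a TXT record at your domain's zone apex. Mechanisms
that need DNS (a, mx, include, ptr, exists, redirect=) raise instead of being
silently skipped, so a "pass" here never hides an unevaluated term.
"""
import ipaddress

# Constructed example record: two outbound mail hosts/networks, strict fail.
EXAMPLE_SPF = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

# SPF qualifier prefixes and the result each one yields when its term matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

DNS_MECHANISMS = ("a", "mx", "include", "ptr", "exists", "redirect=")


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1)")
    terms = []
    for term in parts[1:]:
        qualifier = "+"  # an unqualified mechanism means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if "=" in name:  # modifier such as redirect=... or exp=...
            name, _, arg = term.partition("=")
            name += "="
        terms.append((qualifier, name.lower(), arg))
    return terms


def check_spf(record, sender_ip):
    """Return 'pass', 'fail', 'softfail' or 'neutral' for sender_ip.

    Terms are evaluated left to right; the first matching term decides.
    With no match and no redirect= the result is 'neutral' (RFC 7208 4.7).
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, arg in parse_spf(record):
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)  # bare IP -> /32 or /128
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif mech == "all":
            return QUALIFIERS[qualifier]
        elif mech in DNS_MECHANISMS:
            raise NotImplementedError(f"{mech} needs a DNS lookup; not done offline")
        # Unknown modifiers (e.g. exp=) are ignored, as the RFC requires.
    return "neutral"


def is_strict(record):
    """True if the record ends in -all, i.e. unlisted senders are rejected."""
    terms = parse_spf(record)
    return bool(terms) and terms[-1][1] == "all" and terms[-1][0] == "-"


if __name__ == "__main__":
    # Constructed sample senders: a legitimate host and a forger elsewhere.
    for sender in ("203.0.113.10", "198.51.100.77", "2001:db8:1::5", "192.0.2.1"):
        print(f"{sender:>16} -> {check_spf(EXAMPLE_SPF, sender)}")
    print("strict record:", is_strict(EXAMPLE_SPF))
```

Run it as a script to see the legitimate hosts pass and the forger’s address fail. The useful lesson is in the tail of the record: change `-all` to `~all` and the forged message only softfails, which most receivers deliver with a warning rather than reject.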

After an Email Identity Theft Occurrence

Should this happen to you, you may want to follow the email trail. But first, notify your ISP and/or your web hosting provider. This can head off a shutdown of your website when the complaints from people receiving spam in your name start to arrive. Be very clear when you contact them, though: you do not want their help desk to mistake your report for one of the abuse complaints and shut down your website.

Post a notice on your website’s home page so that any annoyed spam recipient who follows the link to your site understands what has happened and that you were not responsible. As an individual user, send a notification to everyone in your address book so they know not to open the infected attachments they are likely to receive.

You also need to collect evidence (copies of the fraudulent emails, with their full headers) in order to pursue the spammer legally, or simply to prove that you were not responsible.

An example of this kind of operation was a scam website that claimed to be “MortgagePlus Financial”. The site was after personal data for further identity theft. On the surface it appeared to be U.S.-based, but the domain was registered in the U.K., the hosting was in Hong Kong, and the owner was in Hungary!
