Sie sind auf Seite 1von 12

E-mail Spoofing

Submitted to Mrs. Debmita Mondal


(Faculty: Cyber Law)

Submitted by Anant ekka


Section A
Roll No: 26
Semester VII
B.A.LL.B(Hons.)
Submitted on: 26 /09/2016

HIDAYATULLAH NATIONAL LAW UNIVERSITY, RAIPUR (C.G.)

1
Acknowledgement
The successful completion of any task would be, but incomplete, without the mention of
people who made it possible and whose constant guidance and encouragement crowned my
effort with success.

I would like to thank my course teacher Mrs. Debmita Mondal for providing me the topic of
my interest.

Secondly, I would like to thank our Vice Chancellor for providing the best possible facilities
of I.T and library in the university.

I would also like to extend my warm and sincere thanks to all my colleagues, who
contributed in numerable ways in the accomplishment of this project.

Thanking you,

Anant Ekka
Semester VII

2
Contents
Acknowledgments 2

Research Methodology......4

Objectives......4

Introduction...................................................................................................................5

Spoofing........................................................................................................................6

E-mail spoofing.............................................................................................................6

Cases on e-mail spoofing...............................................................................................9

Conclusion... 11

Webliography....12

3
Research Methodology
This research project is Non-Doctrinal in nature since it is largely based on secondary &
electronic sources of data and also since there is no field work involved while producing this
research and it largely involves study of various cases and comparison from different books,
journal and other online sources. It is not empirical in nature.

Objective

To study about e-mail spoofing.

4
Introduction
In the era of cyber world as the usage of computers became more popular, there was
expansion in the growth of technology as well, and the term Cyber became more familiar to
the people. The evolution of Information Technology (IT) gave birth to the cyber space
wherein internet provides equal opportunities to all the people to access any information, data
storage, analyse etc. with the use of high technology. Due to increase in the number of
netizens, misuse of technology in the cyberspace was clutching up which gave birth to cyber
crimes at the domestic and international level as well. Though the word Crime carries its
general meaning as a legal wrong that can be followed by criminal proceedings which may
result into punishment whereas Cyber Crime may be unlawful acts wherein the computer is
either a tool or target or both.

The world 1st computer specific law was enacted in the year 1970 by the German State of
Hesse in the form of Data Protection Act, 1970 with the advancement of cyber technology.
With the emergence of technology the misuse of technology has also expanded to its
optimum level and then there arises a need of strict statutory laws to regulate the criminal
activities in the cyber world and to protect technological advancement system. It is under
these circumstances Indian parliament passed its INFORMATION TECHNOLOGY ACT,
2000 on 17th October to have its exhaustive law to deal with the technology in the field of e-
commerce, e-governance, e-banking as well as penalties and punishments in the field of
cyber crimes.

Cyber crimes actually means it could be hackers vandalizing your site, viewing confidential
information, stealing trade secrets or intellectual property with the use of internet. It can also
include denial of services and viruses attacks preventing regular traffic from reaching your
site. Cyber crimes are not limited to outsiders except in case of viruses and with respect to
security related cyber crimes that usually done by the employees of particular company who
can easily access the password and data storage of the company for their benefits. Cyber
crimes also includes criminal activities done with the use of computers which further
perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling,
intellectual property crime, e-mail, spoofing, forgery, cyber defamation, cyber stalking,
unauthorized access to Computer system, theft of information contained in the electronic
form, e-mail bombing, physically damaging the computer system etc.

5
Spoofing

Spoofing, in general, is a fraudulent or malicious practice in which communication is sent


from an unknown source disguised as a source known to the receiver. Spoofing is most
prevalent in communication mechanisms that lack a high level of security.

The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world, spoofing
refers tricking or deceiving computer systems or other computer users. This is typically done
by hiding one's identity or faking the identity of another user on the Internet.

Spoofing can take place on the Internet in several different ways. One common method is
through e-mail. E-mail spoofing involves sending messages from a bogus e-mail address or
faking the e-mail address of another user. Fortunately, most e-mail servers have security
features that prevent unauthorized users from sending messages. However, spammers often
send spam messages from their own SMTP, which allows them to use fake e-mail addresses.
Therefore, it is possible to receive e-mail from an address that is not the actual address of the
person sending the message.

Finally, spoofing can be done by simply faking an identity, such as an online username. For
example, when posting on a Web discussion board, a user may pretend he is the
representative for a certain company, when he actually has no association with the
organization. In online chat rooms, users may fake their age, gender, and location.1

E-mail Spoofing
In todays growing world it is difficult to imagine life without e-mails. These are very quick
and simple to use. Thus people choose to interact through emails. You can use emails for
individual or business purposes, but these days, using emails also are not very secure. Email
viruses and email spoofing are different form of threats to all the email users. Email has fast
emerged as the world's most preferred form of communication. Billions of email messages traverse
the globe daily. Like any other form of communication, email is also misused by criminal elements.
The ease, speed and relative anonymity of email has made it a powerful tool for criminals.

1
http://techterms.com/definition/spoofing

6
Email spoofing is one of the best known spoofs. Since core SMTP fails to offer
authentication, it is simple to forge and impersonate emails. Spoofed emails may request
personal information and may appear to be from a known sender. Such emails request the
recipient to reply with an account number for verification. The email spoofer then uses this
account number for identity theft purposes, such as accessing the victim's bank account,
changing contact details and so on.

The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to
be from a known source, it is likely to be opened and acted upon. So a spoofed email may
also contain additional threats like Trojans or other viruses. These programs can cause
significant computer damage by triggering unexpected activities, remote access, deletion of
files and more

Email spoofing is a fraudulent email activity hiding email origins. The act of e-mail spoofing
occurs when imposters are able to deliver emails by altering emails' sender information.
Although this is usually done by spammers and through phishing emails for advertising
purposes, email spoofing can have malicious motives such as virus spreading or attempts to
gain personal banking information. Simple Mail Transfer Protocol (SMTP) does not provide
any type of authentication process for persons sending emails. Yet, it is the primary email
system for most people, facilitating email spoofing. Now a days, most email servers can
provide further security. Also many digital software vendors have created products
remedying this problem.2

A spoofed email is one that appears to originate from one source but has actually emerged
from another source. Falsifying the name and / or email address of the originator of the email
usually does email spoofing. Usually to send an email the sender has to enter the following
information:
email address of the receiver of the email
email address of the person who will receive a copy of the email (referred to as CC
for carbon copy)

2
https://www.techopedia.com/definition/1664/email-spoofing

7
email address of the person who will receive a copy of the email (referred to as CC
for carbon copy, but whose identities will not be known to the other recipients of the
e-mail (known as BCC for blind carbon copy)
Subject of the message (a short title / description of the message)
Message

Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in


addition to the above, a sender can also enter the email address of the purported sender of the
email.
Consider Mr. Siddharth whose email address is siddharth@hotmail.com. His friend Golu's
email address is golu@yahoo.com. Using SendFakeMail, Siddharth can send emails
purporting to be sent from Golu's email account. All he has to do is enter golu@yahoo.com in
the space provided for sender's email address. Golu's friends would trust such emails, as they
would presume that they have come from Golu (whom they trust). Siddharth can use this
misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly
download them.3
One of the cyber crimes phishing is associated with Email spoofing. Phishing is the practice
of attempting to obtain users' credit card or online banking information, often incorporates e-
mail spoofing. For example, a "phisher" may send e-mail that looks as if it comes from the
banks or credit cards administrative department, asking the user to log onto a Web page and
enter passwords, account numbers, and other personal information. Thereby obtaining the
users confidential information.4

Phishing is associated with Email spoofing. Phishing is the practice of attempting to obtain
users' credit card or online banking information, often incorporates e-mail spoofing. For
example, a "phisher" may send e-mail that looks as if it comes from the banks or credit cards
administrative department, asking the user to log onto a Web page and enter passwords,
account numbers, and other personal information. Thereby obtaining the users confidential
information.

3
http://cybercrime.planetindia.net/email_crimes.htm
4
https://www.ukessays.com/essays/computer-science/the-process-of-spoofing-computer-science-essay.php

8
Cases on E-mail Spoofing

1. Gujarat Ambuja Executives case:

51-year-old cyber criminal Pranab Mitra has stunned even the cyber crime investigation cell
of Mumbai police with his bizarre fraud on the Net. Mitra, a former executive
of Gujarat Ambuja Cement, was arrested on Monday for posing as a woman and seducing
online an Abu Dhabi-based man.

Investigating officer, Assistant Commissioner of Police, J.S. Sodi, said Mitra has been
remanded to police custody till June 24, and has been booked for cheating, impersonation,
blackmail and extortion under sections 420, 465, 467, 471, 474 of the IPC, read with the
newly formed Information Technology Act.

Mitra posed as a woman, Rita Basu, and created a fake e-mail ID through which he contacted
one V.R. Ninawe. According to the FIR, Mitra trapped Ninawe in a cyber-relationship
sending emotional messages and indulging in online sex since June 2002.Later, Mitra sent an
e-mail that she would commit suicide if Ninawe ended the relationship. He also gave him
another friend Ruchira Senguptas e-mail ID which was in fact his second bogus address.
When Ninawe mailed at the other ID he was shocked to learn that Mitra had died. Then Mitra
began the emotional blackmail by calling up Abu Dhabi to say that police here were
searching for Ninawe. Ninawe panicked on hearing the news and asked Mitra to arrange for a
good advocate for his defence. Ninawe even deposited a few lakh in the bank as advocate
fees. Mitra even sent e-mails as high court and police officials to extort more money. Ninawe
finally came down to Mumbai to lodge a police case.

2. Citi Bank Spoofing case:


Many E-mails are in circulation asking the receivers to update their CITI Bank
account information.
The mails are purported to be from Customer Service Department of the Bank.
The mails also contain a link to CITI Bank website.
The fact is that the link is fake it comes with an extension e.g.
www.citibank.com/5%ac8%/login.asp
The link actually takes the person to a mirror of actual site.

9
The information punched in there never goes to the bank but to another computer and
gets stored.
This was used by the person for operating accounts.

10
Conclusion
Nowadays, almost everyone is moving into electronic settings. The commercial, social and
governmental activity depends on this new 'Electronic' way of life.

Spoofing is a real threat to the Community as we all are dependent on this electronic way of
life. Although in some places its use can be justified, not always does it occur with a 'good'
intention. Since many years it has been seen that spoofing attacks are becoming more and
more extensive with the difficulty of nailing the spoof attackers increasing as well.

As research in the field of computer science carries on steadily, ways of using and misusing
this field carry on as well. Today, nearly everything runs around these few real-world
applications. And with the rapid growth of spoofing attacks, it has become even more
important to protect ourselves from the attacks or even prevent them from taking place at all.

Since users of computer system and internet are increasing worldwide, where it is easy to
access any information easily within a few seconds by using internet which is the medium for
huge information and a large base of communications around the world. Certain
precautionary measures should be taken by netizens while using the internet which will assist
in challenging this major threat Cyber Crime.

11
Webliography

www.ukessays.com
www.cybercrime.planetindia.net
www.techopedia.com
www.techterms.com
www.knowcybercrime121.blogspot.in

12

Das könnte Ihnen auch gefallen