Chapter 1

Introduction

Abstract

Malicious messaging is electronic messaging, including text messages, social media postings, email, and other electronic messages, that is potentially bad for the recipient. A very large variety of malicious messaging exists, ranging from scam attempts to messages with embedded computer viruses. The use of messaging systems for malicious purposes is not new: examples of the misuse of the mail range back to 1838. The challenge of recognizing and not falling victim to malicious messaging is complicated by the cleverness of the senders, who are motivated to convince recipients of the legitimacy of the messages. This is not only a challenge to individual users, but also for those who care for elderly or developmentally challenged individuals. Understanding the scope of the problem is the first step to defending yourself against the threat.

Keywords

Overview
History
Unsolicited Email

This book is about detecting and combatting malicious messaging, which is a mouthful and just a little overbearing in terms of language. In order to address this topic, we need to proceed in an orderly fashion, starting with defining what we mean by “messaging,” what we mean by “malicious,” what we mean by “detecting,” and what we mean by “combating.”
However, before we get to that, perhaps we should discuss why this topic is of interest and importance. The importance stems from consequences: what happens when malicious messaging is not detected, not thwarted, and is allowed to execute its planned improper behavior. That is in fact why we care. The consequences are theft of data, identity, money, intellectual property, rational opinion, and, at the most innocuous, theft of time. The various types of malicious messaging are designed to accomplish one or more of these thefts. As the value of the intended theft increases, the sophistication and planning associated with the malicious messaging increases. Even the least sophisticated effort can create relatively great harm to the target. Even if the harm is merely pennies in the greater scheme of things, if the “pennies” are yours, you do not want them stolen.
The point of this book is to give you the tools and knowledge you need to prevent the senders of malicious email from being able to steal from you. We will cover the various types of malicious emails, with examples; discuss the approaches to protecting yourself from these messages; explore the methods by which you can identify a potentially malicious message; and cover the methods by which you can combat malicious messages.
For those of you who are impatient and want the answers right up front, here is the executive summary of what to do to prevent problems:
1. Do not trust that any message you receive is legitimate: treat it with suspicion!
2. Use your eyes: look at the messages for content, misspellings, and other anomalies.
3. Do not click on any embedded links (unless you have to, and then use caution).
4. Do not open any attachments directly from email (there are safe ways to explore attachments).
5. Do not believe in fairy tales, get-rich-quick schemes, or conspiracy theories.
6. Keep your antivirus software up to date.
Obviously, this list of summary preventative recommendations is not carved in stone; you will occasionally need to open an attachment or follow a link. Nevertheless, there are safe ways to do that and ways that are not so safe.
We are all human; we make mistakes. What should you do if something does go wrong? This, unfortunately, is harder to summarize. It really very much depends on the nature of the problem, what system you are using, and how comfortable you feel with repairing your own system. If you do not know what the problem is, but you think something may have happened, here is a list of things to start with:
1. turn off your internet connection;
2. scan your system for malicious files, if you have the capability;
3. in the worst-case scenario, rebuild your system or take it to a trustworthy computer repair facility to have it scanned and repaired.
It is worth pointing out that at the instant a problem occurs, all of your files and data are suspect and may be corrupted. Prepare for problems by making sure you regularly make copies of your files, photos, and media. When a problem occurs, it is heartbreaking to lose the only copies of photos of dear friends, relatives, or events. Having known good backups in a safe place can help prevent that loss. From time to time, double-check your backup files to make sure they are usable.

A little history

It is important, and a bit comforting, to understand that the problem of bad guys using messaging technology for malicious purposes is not a new phenomenon. Packages and letters have been used for a very long time as conveyors of dangers. As the technology for messaging has evolved, so has the use of the technology: as methods have changed over time to accommodate new mailing methods and new packaging materials, the bad guys have modified their methods as well. Just to illustrate this point, here are a few historical notes.
1838: James Grant published “Sketches in London,” part of which is devoted to exploring the growing problem of “begging impostors who ply their avocation by means of letters,” one of whom was so successful as to net approximately 600 pounds per year.1
1978: Theodore Kaczynski had a 17-year career of sending bombs through the U.S. mail. He killed three and injured 24 people, terrifying many more in the process. His mail bombs were malicious indeed, made to explode when opened.2
2001: Letters containing anthrax were mailed to various U.S. government offices and news outlets, resulting in five deaths, numerous infections, and a massive disruption to the U.S. Postal System as measures were put in place to neutralize any remaining contaminants.3
2013: Letters containing traces of ricin, a potent poison, were sent to several U.S. government offices. The letters were detected prior to causing harm, and were later traced to a man who sent the letters to exact revenge on an enemy.4
These four examples make evident the use of the postal system by nefarious persons to conduct malicious activity—ranging from fraud to murder. There are more examples to be found for those who like to study history.
In addition to these specific examples, it is not uncommon to be overwhelmed with catalogs near the holidays, lottery solicitations offering recipients both magazine subscriptions and a chance to win a large amount of money, and fraudulent invoices sent with the hope that the recipient will simply pay the bill without checking to ensure its legitimacy. Postal mail is filled with scams, which is one of the reasons the U.S. Postal Code defines the use of the postal system in commission of a crime as a separate crime itself. The U.S. Postal Service helpfully provides a list of activities that can potentially result in charges of mail fraud; these include “illegal sweepstakes schemes, chain letters, travel and vacation scams, merchandise misrepresentations, phony billings, fraudulent investment opportunities, work-at-home schemes, rebate fraud, and foreign lottery scams.”5
These activities, and other criminal actions, have transitioned seamlessly to electronically networked communications. Junk faxes clog facsimile machines and waste paper. Unsolicited bulk email, also known as unsolicited commercial email or spam, may appear to cause less environmental damage, since little paper is involved, but does clog bandwidth and costs both service providers and consumers in electricity and bandwidth, as well as time. The problem has attracted so much attention that laws have been passed in the US at both the local and federal levels limiting or banning such email, and the Federal Trade Commission maintains an email address for reporting suspected messages ([email protected]). The purpose of that service is to provide consumers with a central place to report deceptive messages and to provide a repository for researchers and law enforcement to understand better and counter the activities.
The problem is bigger than spam, and unfortunately, the responsibility for understanding and protecting ourselves from the potential harm rests squarely on each of our shoulders. For those of us who are responsible for young children or aging relatives, that responsibility has increased enormously. Having email can be an essential connection to the rest of society for someone who is unable to get out much, such as an aging relative. Keeping these at-risk individuals safe from the bad guys can be a time-intensive problem. Understanding the potential and limiting the possibilities for such problems is an important first step to keeping ourselves, and our loved ones, safe.

Malicious electronic messaging—what is it?

Electronic messaging comprises the entire space from text messages and social media postings all the way to email. An amazing array of malicious activity is possible over these media. We can separate the malicious activity into two general types. One type is messaging that carries malicious software, either as an attached executable program or as a link to a site from which malicious software can be downloaded. The other broad category is messaging that incites the reader, or introduces the reader, to actions that are contrary to the reader’s best interest. Of these two categories, the second is usually easier to detect than the first.
The category of malicious messaging that incites or induces a reader to act against his or her best interests includes what are called begging emails or phishing emails. Phishing is the art of tricking an individual into responding to a communication crafted for a nefarious purpose. Common media used in phishing include email, SMS (texting), phone communication, mail, MMS (chat), and so on. Phishing directly targets the users of systems rather than the systems themselves; however, users may then inadvertently open the door to their systems. Phishing includes messages that ask the reader to participate in some sort of activity to the benefit of the originator of the message. This could be a request for funds for a humanitarian relief operation, a cancer survivor fund, a legal defense fund, or simply a request for support.
Some of these messages are believable and heart-rending. This appeal to the emotional center of the brain is key to the attacker’s success at getting a reader to do something that he should not. For example, an email or a message may say, “I am stuck in a foreign city and my passport has been stolen! I don’t have any money, either. Would you please lend me $4000 so I can get back home?” The initial response, if we receive this type of message from a close friend or relative, would be to react unthinkingly and comply with the request for emergency funds. After all, that is what friends do: they help each other. This is a quite common scam, sometimes resulting in multiple people losing the money that they thought they were wiring to help out a friend in need.
Another unfortunate scam that is seen all too often is a request for material support for either medical treatment of extreme types or for some sort of humanitarian relief operation. For example, a distraught mother may request funds to help her child get treatment for a rare disease. Typically, this type of message includes detailed descriptions of what’s been tried, what has not worked and the fact that they have had a lot of bad luck, which is why they are simply asking for a very small donation from many, many different people so that a child (typically a very adorable looking child) can be saved.
A variation on this scam is to set up donation request messages for large humanitarian disasters such as hurricanes, tsunamis, or earthquakes. Well-meaning people are duped by these messages: the scam artist winds up siphoning money from the donors. The money will never go to the benefit of the poor people who have suffered the tragedy.
Probably the best known of these scam messages is what is called the Nigerian scam or the Advance Fee scam. It is worth pointing out that not all these emails are from Nigeria: they come from all over the world.6 In this type of scam, the perpetrator makes contact asking for either what sounds like a legitimate business relationship to carry out multijurisdictional transactions, or perhaps an introduction into a foreign country. A variation on this scam is simply to establish a personal relationship. Sometimes the fraudulent nature of the scam is obvious from the beginning, such as when the sender asks for assistance to sneak a fortune out of his or her home country, promising to pay the recipient a large fee for such assistance. The very obviousness of the fraud is the most interesting aspect of this. A reason for including this level of detail in the enticement message is simply to cull the recipients and respondents down to only those who are likely to fall for the scam based on greed, ignorance, or a combination of the two.7
The well-known adage that “if it seems too good to be true, it probably is” holds true in this case. Being suspicious, even when the offer seems to be genuine, is important. This approach may strike some as being overly paranoid about the nature of human relations, but the history of those who have been conned indicates that a healthy dose of suspicion is indeed warranted.
Suspicion is particularly warranted with a variation that may not appear to be as obvious. In this variant, an electronic message received, sometimes on social media but other times via email, says something to the effect of “I saw your profile online and I would like to get to know you as a friend.” Typically, these are aimed at individuals who might be dating online, looking for companionship, or who seem like obvious targets for an “escalation enticement.” This type of escalation enticement typically has the perpetrator pretending to want simply to be friends. Once friendship is established, it quickly evolves to a series of escalating requests. The first request may be for some trivial type of assistance, perhaps finding an article of clothing or some other type of good or service. It is hard to say no to something that is easy and which would bring joy to someone else. This good deed opens the door to further requests, perhaps for a very small loan or request for assistance in getting a visa. As the target responds to the enticements, the requests continue to be escalated in both significance and importance. There have been cases where people have spent literally thousands of dollars in what they thought was a legitimate friendship or loan only to discover that they have been scammed.8 These messaging scams can occur over social media such as Facebook, LinkedIn, or Twitter and can occur over text messaging including random text messages to phone numbers just to see who responds, or can be messages in virtual media as well as email.
Another significant problem in malicious electronic messaging is the type of messaging that includes links to sites that provide downloads of malicious software, or embedded material that is malicious in nature. In either case, the link or the embedded material is usually disguised so that the recipient cannot know at first glance that it is malicious. Attackers can use this tactic not only to gain access to individual accounts, but also to gain access to entire networks of institutions. Once inside, they establish persistence, or the ability to come and go as they please, and just like that, they have maneuvered past the defenses intended to keep them out. These threats, sometimes referred to as “Advanced Persistent Threats” (APTs), are considered to be some of the most prevalent and dangerous threats to the security of systems and data within the modern organization. TrendMicro, a leading security research firm, estimated in a 2012 report that the vast majority of APT breaches involved a highly targeted email-based attack, leading them to conclude that these types of attacks are a favored tactic for compromising the security of networks.9
This is one of the critical problems with recognizing or detecting malicious messaging with the embedded links. In a very real sense, electronic messaging is deceitful simply by design: when you look at an electronic message, it is kind of like looking at the outside of a house or the façade of a building. You think you see structure, and in fact, you have been conditioned by life experience to extrapolate from the visual aspect to the functional structure. When you see the front of a building, you imagine automatically that there is in fact a whole building of similar structure behind the front. It is not until you examine what is underneath the façade that you are able to really appreciate what is the actual structure of the edifice.
In electronic messaging, this is also true by design: the presentation of the message is controlled by software acting on the commands that select the display font, the display color, embedded images, and other content. The more diverse the content a type of messaging supports, the richer the messaging environment. Conversely, the richer the messaging medium, the more opportunity there is to camouflage malicious content within the rich content. A link to a malicious software download site may be camouflaged as a link to a news article, to a blog, or to what appears to be a legitimate information site. It is actually easy to disguise the true nature of an electronic link by displaying one that appears to be quite innocuous. The problem is compounded by other elements. For example, there are URL abbreviation technologies, such as bitly or tinyurl, that compress long or ungainly links into something a bit more manageable (or that fits within the character limitations of some messaging services). There are also links that redirect the user to another site, perhaps for ease of use, perhaps to collect usage information, or perhaps simply to simplify the apparent design. These assistive technologies make it even more difficult to examine the actual link.
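The mismatch between what a link displays and where it actually goes is something a reader can check mechanically once the raw HTML of a message is available. The following is an added example, not code from the book: it extracts every anchor from an HTML message body, flags anchors whose visible text names one site while the href points at another, and flags links that pass through a URL shortener (the bitly and tinyurl services named above) so that the real destination is hidden. The HTML body and all hostnames in it are constructed placeholders.

```python
"""Audit the anchors of an HTML message body for display/destination mismatch.

Added example (not from the book). SAMPLE_HTML is constructed for
illustration; every hostname in it is a placeholder, not a real site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Shortener hosts (the chapter names bitly and tinyurl); extend as needed.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com"}

# Visible anchor text that "looks like" a URL or a bare hostname.
_LOOKS_LIKE_URL = re.compile(
    r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]\S*)?$", re.I
)

# Constructed sample body: two honest links, one look-alike, one shortener.
SAMPLE_HTML = """<html><body>
<p>Your statement is ready:
<a href="https://accounts.example-bank.com/login">accounts.example-bank.com</a></p>
<p>Read the story:
<a href="https://news.example.org/story/42">https://news.example.org/story/42</a></p>
<p>Verify now:
<a href="http://login.example-bank.com.example.net/verify">www.example-bank.com</a></p>
<p>Details: <a href="https://tinyurl.com/abc123">click here</a></p>
</body></html>"""


def _host(url):
    """Lower-case hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    """Crude 'example.com' from 'mail.example.com' (no public-suffix list)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html_body):
    """Return one dict per anchor: href, visible text, and a list of reasons.

    An empty reasons list means nothing suspicious was found for that anchor.
    """
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        dest = _host(href)
        if dest in SHORTENER_HOSTS:
            reasons.append("destination is a URL shortener; real target is hidden")
        match = _LOOKS_LIKE_URL.match(text)
        if match:
            shown = match.group(1).lower()
            if _registrable(shown) != _registrable(dest):
                reasons.append(f"visible text names {shown} but link goes to {dest}")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        status = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(f"{status}: {finding['text']!r} -> {finding['href']}")
        for reason in finding["reasons"]:
            print(f"    {reason}")
```

The registrable-domain comparison is deliberately crude (last two labels only); a production tool would use a public-suffix list, and a shortener hit is a prompt to expand the link in a safe environment, not proof of malice.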
In some systems, you can actually examine the underlying raw source of the unformatted message. Depending upon the platform you are using, you have more or less control over this. That control makes it easier or harder for you to understand or discover the actual destination of an embedded link. On platforms that give you a great deal of insight into the raw source of an electronic message, you have a great deal of power to understand what the embedded data actually are, where they are coming from, whether the source has been spoofed, and other pertinent details. However, if you are operating from a smart phone or some other device with limited capability, your ability to discover the underlying data is quite limited indeed. This, obviously, restricts your ability to investigate before deciding whether to accept or click on a link. The same problem is true with attachments, which include not only documents but also images. Attachments such as documents, spreadsheets, or other work-related files can appear to be innocuous, but may in fact be executable programs designed to launch malicious software onto your system. They can act to compromise your security profile, steal your information, and open some sort of backdoor into your system to allow further activities. Examples of these problems are given in the following chapters.
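When the raw source of a message is available, the attachment disguise described above (a file named like a document whose bytes are a program) can be caught by comparing the declared file name with the leading bytes of the decoded content. The following is an added example, not code from the book: it parses a raw RFC 822 message with Python's standard email library, decodes each attachment, sniffs its file family from well-known magic numbers, and reports names that do not match their content or that carry a double extension. The message, its addresses and the attachment bytes are all constructed placeholders.

```python
"""Check a raw email's attachments for name/content mismatch.

Added example (not from the book). The message built below is constructed;
the addresses are placeholders and the attachment bytes are fake headers only.
"""
import email
import os
from email import policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Leading bytes -> broad file family.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),          # also docx/xlsx/pptx containers
    (b"\xd0\xcf\x11\xe0", "ole"),    # legacy doc/xls/ppt
]

# Which file families a given extension is expected to contain.
EXPECTED = {
    ".pdf": {"pdf"},
    ".docx": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"}, ".zip": {"zip"},
    ".doc": {"ole"}, ".xls": {"ole"}, ".ppt": {"ole"},
}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}


def sniff(data):
    """Return the file family implied by the first bytes, or 'unknown'."""
    for prefix, family in MAGIC:
        if data.startswith(prefix):
            return family
    return "unknown"


def audit_attachments(raw_message):
    """Return one dict per attachment: name, sniffed family, list of reasons."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        family = sniff(data)
        root, ext = os.path.splitext(name.lower())
        inner = os.path.splitext(root)[1]      # second-to-last extension, if any
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable file type {ext}")
            if inner in EXPECTED:
                reasons.append(f"double extension: named like a {inner} document")
        elif ext in EXPECTED and family not in EXPECTED[ext]:
            reasons.append(f"name says {ext} but content sniffs as {family}")
        elif family.endswith("executable"):
            reasons.append(f"{family} content behind a non-executable name")
        findings.append({"name": name, "family": family, "reasons": reasons})
    return findings


def build_sample_message():
    """Constructed message: one honest PDF, one 'PDF' that is really a program,
    and one double-extension file. Placeholder addresses, fake file bytes."""
    msg = MIMEMultipart()
    msg["From"] = "billing@example.net"      # placeholder
    msg["To"] = "recipient@example.com"      # placeholder
    msg["Subject"] = "Invoice attached"
    msg.attach(MIMEText("Please find the invoice attached.", "plain"))

    good = MIMEApplication(b"%PDF-1.4\n% placeholder pdf bytes", _subtype="pdf")
    good.add_header("Content-Disposition", "attachment", filename="invoice.pdf")
    msg.attach(good)

    bad = MIMEApplication(b"MZ\x90\x00 placeholder, not a real program", _subtype="octet-stream")
    bad.add_header("Content-Disposition", "attachment", filename="invoice_copy.pdf")
    msg.attach(bad)

    dbl = MIMEApplication(b"MZ\x90\x00 placeholder", _subtype="octet-stream")
    dbl.add_header("Content-Disposition", "attachment", filename="statement.pdf.exe")
    msg.attach(dbl)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in audit_attachments(build_sample_message()):
        status = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(f"{status}: {finding['name']} (content: {finding['family']})")
        for reason in finding["reasons"]:
            print(f"    {reason}")
```

The check is a triage aid, not a verdict: a matching magic number does not make a document safe (a genuine PDF or Office file can still carry active content), and this is exactly the inspection that a phone mail client usually cannot expose.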