Sending sensitive info via email

vito

It is common knowledge that email is an insecure form of communication. For instance, we are told to never send our credit card number by email, as it may be intercepted and used fraudulently.

So I give out the same advice whenever the topic comes up. But to be perfectly honest, I don't understand it. A little while ago, after giving someone this sage advice, he turned and asked me for a more detailed explanation. And I did not know how to reply. So please tell me how this works.

Millions and millions of emails are sent around the world every day. So when you send a single email with sensitive information, where exactly is the risk? How is it that your info could be intercepted? That email takes a split second to reach its destination. So exactly how is someone intercepting that info? Is it with some type of sniffer that seeks out specific strings of data? Please explain it to me.

Vito
 
vito said:
Is it with some type of sniffer that seeks out specific strings of data? Please explain it to me.

Vito


I think you hit the nail on the head there, Vito.

I don't really know the inside aspects of it but I believe that there are software scanners that can be programmed to look for certain things. For instance, credit card numbers are in a specific pattern and the software could be programmed to look for that pattern.
 
Emails are simply too easy to sniff out. A hacker or nosey person can intercept the mail coming in on the port and scan it for "buzz words", for instance credit card, phone number, password, etc.

PGP is the number one way around this. PGP encryption is best explained as a sealed envelope. Regular email is like sending a postcard, it's just out there in the open for anyone nosey enough (or bright enough) to get at.

If you, or he, want some encryption options for your email, there's nothing better than www.pgp.com :)

Simon
 
Ditto Simon. The nosey person would have to have a filter set up on the port where the email leaves, or enters the server. Or on one of the ports it passes through on its journey. PGP encryption is the way to go... however, if you're looking at transferring lots of credit card details, etc, you'd be better looking at a solution where everything is processed on an SSL service, rather than getting everyone to pgp up their details and send them to you.
 
So would someone have to have hacked the (sending or receiving) server and planted a script in it to sniff out incoming mail? If so, then would "sensitive" email transmissions make it through untouched unless it was unlucky enough to hit a compromised server?

And if the server is compromised, wouldn't the server administrator detect it in short order, thereby removing it from the server?

Vito
 
Emails travel through a certain port, Vito. There is software that can scan the internet for vulnerable ports. A server wouldn't need to be "hacked" as such. People could receive their email normally and still have their information stolen.

At least that is my understanding of things.
 
Wow. I've said it before and I'll say it again. There are a lot of very clever criminals out there. Pity they don't channel their intelligence and talents to positive use. Just imagine what they could achieve.

Vito
 
vito said:
Wow. I've said it before and I'll say it again. There are a lot of very clever criminals out there. Pity they don't channel their intelligence and talents to positive use. Just imagine what they could achieve.

Vito

No kidding.

There's a small percentage of them that actually get "rewarded" for it. Many top companies are now hiring "reformed hackers" to secure their own networks and protocols.

Who better to lock them down, than the people who would usually be exploiting them?

Simon
 