Main article: Email spam
Spam is created by attackers who send unsolicited commercial or bulk email. Spammers continuously attempt to find new ways around the increased legislation and policies governing unsolicited emails. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and a hidden or misleading email address. If the spammers were to gain access to a company's email and IP address, the impact on the company's business could be devastating. The company's Internet connection would be terminated by its Internet Service Provider (ISP) if its email and IP address are added to the blacklist of known spamming addresses. Effectively, this would shut down the company's online business because none of the emails would reach their destination.
Main article: Computer virus
A virus incorporates email as a means of transportation. This type of virus is often called a worm - the sobig virus is an example. This virus creates a spamming framework by taking over unwilling participants' PCs.This is a major threat to email security because the spam will continue to spread, triggering dangerous viruses with malicious intent.
Phishing is a type of cyber-attack that involves emails that appear to be from legitimate businesses that the user may be associated with. As these phishing emails are scams they are designed to look as though they come from the claimed entity. These messages ask for verification of personal information, such as an account number, a password, or a date of birth. Twenty percent of unsuspecting victims respond, which may result in stolen accounts, financial loss, or even identity theft. It is best not to respond to unsolicited emails as they may be attacks of this kind. If one deems it necessary to respond to an unsolicited email, they should be sure to check it for misspellings or odd phrasings as these can be a giveaway of illicit activity. It is also not a good idea to open email attachments from senders one does not trust.
Preventing email hacking
Email on the internet is commonly sent by the Simple Mail Transfer Protocol (SMTP). SMTP does not encrypt the text of emails, so intercepted mail can be read easily unless encryption is used. The identity of the sender or addressee of an email is not authenticated, and this allows opportunities for abuse, such as spoofing. It is important to guard all gateways of a network. Having a firewall and anti-virus software are adequate for personal use; however, this is often not enough for a corporate business. Security measures such as a sniffer and an intrusion detection system (IDS) determine if someone is accessing the network without permission, detecting any network intrusion attempts. In order to spot any weaknesses in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a stimulated attack in order to find any gaps in existing network security.
Although companies may secure its internal networks, vulnerabilities can also occur through home networking. Email may be protected by methods, such as, creating a strong password, encrypting its contents, or using a digital signature. An email disclaimer may be used to warn unauthorized readers, but these are thought to be ineffective. Other ways that one can secure personal email accounts include enabling 2-factor authentication in settings and use of an encrypted email service such as Proton mail.
Cases of email hacking
Email is increasingly replacing letter mail for important correspondence, and the increase of email usage has led to several notable cases in which emails were intercepted by other people for illegal purposes. For example, email archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climate gate. Journalists employed by News International hacks email accounts of celebrities in search of gossip and scandal for their stories. Individuals, such as, Rowena Davis have had their accounts taken over and held ransom by criminals who tried to extort payment for their returned use. The email accounts of politicians, such as Sarah Palin have been hacked in order to find embarrassing or incriminating correspondence. On February 8, 2013, the media reported another incident of compromised email. This time from the former United States president, George H.W. Bush. It was reported that the hacker stole photographs and personal emails, including addresses and personal details of several members of the Bush family. Hillary Clinton has also had recent[when?] controversy regarding her use of private unsecured email server. There are even some who speculate that the email server could have been breached by the Russian or Chinese governments. All of this has resulted in an, as of yet unresolved FBI investigation.