State of Alaska, Department of Administration, Enterprise Technology Services

Departments >  Administration > ETS > Security > Security Awareness > Awareness Bulletin - Email

Cyber Awareness Bulletin

The following cyber awareness bulletin was issued by the State of Alaska. The information may or may not be applicable to the general public and accordingly, the State does not warrant its use for any specific purposes.

E-mail Safety Tips

  • Frequently change your log-in password. Changing your password often will increase the likelihood that your e-mail remains secure. In addition, passwords with upper and lower case alpha-numeric and special characters are harder to break – be sure to use a number, a special character and letters with upper and lower casing.
    More information on passwords
  • Don’t share your password.  E-mail administrators should not ask for your password. Do not be fooled by suspicious e-mails asking you for your password. This is a ploy designed to fool you into sharing your password. As a simple rule, never share it with anyone.
  • Never open attachments from unknown sources.  And be cautious about attachments from people you know.  They may contain Trojan horses, Worms, or Viruses, which can seriously damage your personal or work computer.  Make sure your virus checker scans all attachments from your friends before you open them; this is a common way for viruses to spread. More information about the hazards of e-mail attachments.
  • Always log out/sign off when you are finished with your computer.  It's quick, easy, and may save your account from unwanted trespassers.  If you are using a public terminal, exit the browser you are using when you are ready to end your Internet session.  Be sure to clear your history and your Cookies.
  • Do not reply to spam e-mail messages, or other harassing or offensive mail.  By responding, you only confirm that you are an actual person with an active e-mail address ... who can be plagued with constant unwanted e-mail solicitations. Instead, forward the unsolicited message to the customer service department of the source's e-mail server.  More information about spam.
  • Use common sense when you're sending and receiving e-mail.  It is good to maintain a strong sense of skepticism.  Always use caution when revealing personal information, such as your social security number or physical address to anyone you communicate with through e-mail, even if they purport to be someone of authority.

Encrypted E-mail

E-mail is most widely used form of communication in the world. Millions of businesses and personal users rely on it for its speed and efficiency. Unfortunately, standard e-mail is insecure.

Encrypting e-mail allows secure communication between the sender and recipient. The following scenario describes the e-mail encryption process:

Encryption is the process of scrambling data so that without a secret decryption key you cannot read it. It ensures privacy by keeping information concealed from anyone who is not authorized to see it.

  1. Jill wants to send an e-mail to Jack, but doesn't want anyone else to be able to read it.
  2. Jill encrypts the plaintext message with an encryption key.
  3. The encrypted message, called ciphertext, is then sent to Jack.
  4. Jack decrypts the e-mail with the decryption key and is able to read the e-mail.
  5. A hacker named Bob wants to read the e-mail, but can't recover the plaintext without the decryption key.

For more information about encryption please visit this link.

Steganography

Many files, including images (.jpg, .bmp, .gif) and sound or music files (.mp3, .wav) contain unused data blocks. Steganography is the method of filling these unused blocks with a hidden message. Steganography is often used to send illegal or illicit messages including communications between terrorists or cyber-criminals.

For more information about steganography please visit this link.

How To Interpret an E-mail Header

If you receive a threatening or potentially criminal e-mail, there are a few steps you can take to try to determine the individual origin of the e-mail.

An e-mail header conveys some very important information. By default, most e-mail programs are configured to show only brief headers. By viewing the full header you can obtain key information.

Instructions on viewing the full e-mail header may vary depending on your e-mail software, this process will vary.

By examining the full header, you can determine the server that the e-mail passed through and the IP addresses of both the sender and the recipient.  Once you have determined sender's IP you can learn how to trace the IP Address.

Brief Header


FROM: "Lulu Jones"
TO: Nope@hotmail.com; sdf9@comcast.net
Subject: A great deal!
DATE: Wed, 06 Mar 2003 09:36:17-0500

Full Header


FROM: "Lulu Jones"
TO: Nope@hotmail.com; sdf9@comcast.net
Subject: A great deal!
DATE: Wed, 06 Mar 2003 09:36:17-0500
              MIME-Version: 1.0
              X-Originating-IP: [63.131.101.68]
              Recieved: from 63.131.101.68 by lw15fd.law15.hotmail.msn.com with HTTP;
             Wed, 06 Mar 2003 14:36:17  GMT

The order of information in a full e-mail header may vary from system to system, but could include these items:

  • From:  Indicates who sent the e-mail.
  • To:  Lists the recipients of the e-mail. In the example above there are two.
  • Subject:  This is what the sender has typed into the subject field.
  • Date:  This indicates the date and time that the mesage was originally sent.
  • MIME Version:  MIME is an acronym for Multipurpose Internet Mail Extensions.  This indicates that your e-mail client is able to view images or videos as well as text.  This may not appear in all e-mail clients.
  • X-Originating-IP:  This line appears in many of the newer e-mail clients and shows the IP address from which the e-mail originated. This may not appear in all e-mail clients. 
  • Received:  This shows the routing IP by which the e-mail was sent and the time it arrived to the mail server. Essentially this can be used to trace the path that the e-mail took to get to your computer. The e-mail in the example above originated from a computer with the IP address 63.131.101.68. If several routing IP’s are listed here, the e-mail probably passed through multiple recipients. Your machine's information will be listed at the top. The sender’s will be listed at the bottom. Any other machines that the e-mail passed through will be listed in the middle.

This information was received from the Florida Department of Law Enforcement's Computer Crime Center web page.