Question

• The collection of system forensics evidence is governed by the general rules of criminal evidence. As such, it is subject to a number of well-established and formal steps. As a pervasive form of communication and commerce, e-mail also presents many opportunities to facilitate criminal activities. You have been hired to help investigate a computer crime. Respond the questions given using the scenario below.

A classic phishing attempt. Mark received an e-mail plea asking for his assistance in retrieving funds from an African bank. He provided personal information to help with the transaction. Within a week, he noticed that his bank account was plummeting. He had been phished!

1. How would you proceed with your investigation? Explain what steps you would take to examine the e-mail messages.
2. Analyze the information that might be useful to your investigation from looking at the headers of the e-mail messages.

• Innovation Technologies, a cloud data storage provider, wants to send a mass e-mail message to former customers announcing that, now offers managed IT services. That means Innovation Technologies can remotely monitor and manage a client’s virtual computers and servers 24/7.

Discuss the stipulations of the CAN-SPAM Act. What must Innovation Technologies do to adhere to the act?

If you read all the info is there dude. Forget it i will figure it out.

Answer 1

1.

In the fight to safeguard data, one of the biggest risks faced by a person is phishing emails. Data breaches, identity theft and fraud can often be traced back to a person clicking on a bogus link, opening an attachment or replying to a request in a suspect email, unwittingly compromising your network with malware or giving away passwords or other sensitive data.

Many phishing emails are relatively easy to spot by just looking on the email headers.

I'll start the investigation by looking

• Sender’s email address: Look at the domain it’s from—is it a legitimate domain you recognize? Sometimes it may appear legitimate at first glance, but closer inspection reveals erroneous spelling. There could be just one letter different from the real name or a number used in place of a letter, such as using “5” for “S”.
• Who was the email sent to? If there are multiple recipients and you don’t know the other people or it’s an unusual mix, then that’s a red flag.
• Examine hyperlinks: If you hover over a link and it appears to point to a different URL than what is displayed in the email, you can be certain it’s a scam. Make sure you check the spelling here as well, but never click the link.
• When did it arrive? It’s worth looking at the time the email was received. Is it outside of normal working hours?

When it comes to headers

If you’re still not sure about the authenticity of an email, then it’s time to look at the header. An email header is created at the point of origin and it changes every time that email passes through an email server, gateway or inspection device. By reading the email header from top to bottom you can often retrace its steps back to the source. In some cases, scammers will spoof data in the email header, but they rarely take the time to do it, so it’s a useful thing to check.

The process to get the full email header is different depending on what email client you use. If you’re using Outlook, for example, then you need to open the email in question and click File > Properties, then look in the field where it says Internet headers. If you click in here and hit CTRL + A to select all, you can then paste the contents into a Notepad file where it’s a little easier to see.

The first thing to look for is the X-Originating-IP as that will give you the IP address of the original sender. If you can’t find it, then look for the entries after Received: you’ll see all the mail transfer agents (MTAs) that the email has passed through. Look for the one nearest the bottom and examine the IP address or domain name.

You can use various websites online, such as WhatIsMyIPAddress to look up IP address locations or do a search at the American Registry for Internet Numbers. This can reveal any disconnect between the domain or country of origin and whoever the sender is purporting to be.

For example, if the email appears to come from Microsoft but is actually from a strange domain in Russia, you can be certain it’s not legitimate. I know this can seem like a “Duh” moment, but every day we see our clients’ employees fall victim to simulated phishing bait again and again. A lot of it is habitual, ape-like behavior: See link: Must click!

Ultimately, it’s best to err on the side of caution with any suspected phishing email. You should always go direct to any company or person, using separately sourced contact details not included within the suspicious email, to verify any potentially risky request before acting.

2.The Controlling the Assault of Non-Solicited Pornography and Marketing Act – or more simply the CAN-SPAM Act of 2003 – is made up of several rules which outline appropriate and inappropriate actions regarding commercial emailing.

All United States (US) businesses that send commercial emails – or employ third-party services to send electronic mail on their behalf – are subject to comply.

CAN-SPAM classifies emails into three categories:

1. Commercial
2. Transaction or relationship content
3. Other

Mailings and digital communication that are informational, or which detail a transaction or relationship, are not considered to be commercial, and are therefore not covered by CAN-SPAM.

However, this spam act does apply to advertising messages and content sent by businesses to consumers through social media channels, such as Facebook, Twitter, and Linked.

Complying with CAN-SPAM is relatively simple for most companies, assuming your email strategy doesn’t rely on spam, dishonesty, or inappropriate materials.

However, CAN-SPAM rules can be added, removed, or amended by the FTC at any time. So, it’s important to understand what the current provisions of CAN-SPAM entail, and how you can ensure your business is compliant with them and adhering to best practices.

1. Be honest and focus on transparency

Like most of the privacy laws that have emerged with the rise of the internet, CAN-SPAM seeks to increase business-to-user transparency. One of the key provisions of the act is the requirement that information in emails be honest. The following details of your commercial messages should be clear and truthful:

• Subject line – Before CAN-SPAM, “clickbait” subject lines ran rampant (e.g. “Attention Needed ASAP,” “You’re the Winner!” etc.). Now, it’s critical that the subject of your email messages accurately reflect the content inside.
• Email addresses and domain names – Don’t send electronic mail from a fake or unrecognizable account. Make your domain name clear and correct.
• “To” and “From” – Another remnant of the wild west days of email marketing, addressing messages from fake senders is not permitted under CAN-SPAM requirements.

Complying with these requirements should not be difficult, as being dishonest in any of the above categories is likely a pointed effort.

2. Label the message as an ad

According to CAN-SPAM Act of 2003, commercial messages sent for the primary purpose of advertisement or solicitation need to be clearly and conspicuously labeled as an ad.

3. Warn of explicit content

The Commission adopted a new CAN-SPAM rule in 2004 known as the Label for Email Messages Containing Sexually Oriented Material (Adult Labeling Rule). Under this rule, if you send any message containing sexually-geared content, you must:

1. Indicate the presence of explicit content by writing “SEXUALLY-EXPLICIT:” at the start of the email subject line.
2. Only make non-explicit media and information viewable upon the opening of the message.

4. Include your address

Every commercial message sent from your company needs to include your valid, registered postal address somewhere in the email. Most often, this means including your physical address, PO Box, or otherwise registered mailbox in the footer of all your emails.

5. Allow for opt out

Under the legislation, people have the right to opt out of receiving email messages from your business at any time. There are four specific features of this rule that you must follow in order to comply:

1. Present users with an obvious means of opting out – Include an easy-to-find link in the text or footer of every electronic mail you send that falls under the subjugation of CAN-SPAM. This link should clearly indicate that people can unsubscribe or opt out of receiving future messages.
2. Honor opt-out requests in a timely fashion – Presenting users with a link or button that promotes opting out is pointless if you don’t honor those requests. In order to comply, you must address these requests by removing the user from your mailing list within 10 business days of receiving the request.
3. Allow opt out for at least 30 days – After you’ve sent a message containing an opt-out function, users have at least 30 days to opt out of communications using that opt-out function.
4. Users cannot be incentivized against opting out from your email list

6. Accept responsibility for your company

Even if your product or service is being promoted by a third party (such as a marketing agency), you are still responsible for holding messages promoting your business to the high standards of CAN-SPAM.

Be careful when using third-party services – whether those are marketers or email marketing platforms – and ensure that emails sent from or about your company comply fully with these requirements and your own privacy policy emails. Otherwise, you’ll be the one paying the price.