Anonymous Remailers VS Identity Theft

Anonymous Remailers VS Identity Theft

Date: May 10, 2019

Identity theft can have a large impact on an individual, especially if the identity is in the hands of a social engineer. This can lead to information gathering and eventual social engineering attacks. I explored some ideas of how identity theft can be stopped, or at least made more difficult and eventually coded an anonymous remailer to see if this might work.

The idea is that the remailer can protect the identity of the sender of an email, and with some modifications can protect the receiver as well. If someone phones a call centre and convinces the call centre agent to send them an email containing some documents (something related to the “call”), the recipient then has access to the agent’s email address and the information gathering process can start. This can lead to penetration into the organisation due to one employee.

In our article, “Protecting e-mail anonymity with an anonymizer bouncer”, we proposed a model to protect the identity of the call centre agent, so that the above mentioned scenario can be prevented. A middle-man remailer is created which handles all e-mails being sent to and from the call centre. The call centre agent sends an email to the remailer, with the caller’s email address integrated in the subject. The remailer system then encrypts the sender’s email address, changes the header of the email and forwards it to the caller, removing all traces of the call centre agent’s email address. The caller can then hit reply at which point it will go back to the remailer, which will decrypt the agent’s email and forward the reply to the agent.

This may not be the ultimate solution to all our identity theft problems, but it at least makes it a bit harder as all emails are traced back to the remailer (which is on a separate server not linked to the call centre).

 

Blog Posts

  • Featured

    Anonymous Remailers VS Identity Theft

    Identity theft can have a large impact on an individual, especially if the identity is in the hands of a social engineer.

    Read More
  • Featured

    Psychology behind Social Engineering

    Being the victim of social engineering can be rather degrading and leave you feeling violated. It is key to remember that at no point are you to blame for being the victim of these types of cyber attacks, after all, it is the social engineer's intention t

    Read More
  • Featured

    What is Social Engineering

    Current definitions specify different ideas as to what social engineering involves. However, the only element that all of these definitions have in common is that a human is exploited in order to gain some unauthorised information or perform some action.

    Read More