Hackers Can Change an Email after It’s Already in Your Inbox

This week, researchers have uncovered an email hack that allows hackers to modify emails once they are already in your inbox.

What is it?

Francisco Ribeiro, a researcher at Mimecast, discovered this exploit and called it Ropemaker. The cryptic name stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky, and the exploit takes advantage of CSS and HTML. It is very difficult for users, even tech-savvy ones, to detect.

“The origin of Ropemaker lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML,” said Mimecast’s Matthew Gardiner in a blog post.

Hackers don’t even need access to your computer or email app for the hack to work.

What does it do?

The exploit allows hackers to change an email that they themselves sent once it is already in the inbox. This works because a non-malicious email can pass through all of the spam and security filters. Once it has reached the inbox, the hackers can change the email. For example, they can swap the original URL for a malicious one.

Using this “Switch Exploit”, they can direct users to sites that will infect their computer with malware or steal sensitive information (think banking passwords). Some systems are set up to catch this URL switch, while others are totally vulnerable.
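One check a mail gateway or analyst could run, as an added example that is not from the original article or from Mimecast: Ropemaker depends on the message pulling its CSS from a remote server, so this Python code lists every remote stylesheet an HTML email references. The sample messages, the function names and the `example.invalid` hosts are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

REMOTE = re.compile(r"^(?:https?:)?//", re.I)  # absolute or protocol-relative URL
CSS_IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)", re.I)

class RemoteCssFinder(HTMLParser):
    """Collects stylesheet URLs the HTML body would fetch over the network."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        href = a.get("href", "").strip()
        if tag == "link" and "stylesheet" in a.get("rel", "").lower() and REMOTE.match(href):
            self.urls.append(href)
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # @import inside an inline <style> block
            self.urls += [u for u in CSS_IMPORT.findall(data) if REMOTE.match(u)]

def remote_stylesheets(raw_message):
    """Return remote CSS URLs referenced by the text/html parts of a message."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteCssFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.urls

HEADERS = 'From: a@example.com\nSubject: Invoice\nMIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
# Constructed sample messages; the example.invalid hosts are placeholders.
SAMPLE_REMOTE = HEADERS + (
    '<html><head><link rel="stylesheet" href="https://styles.example.invalid/mail.css">\n'
    '<style>@import url("//cdn.example.invalid/extra.css"); p { color: #333; }</style>\n'
    '</head><body><p>Hello</p></body></html>\n')
SAMPLE_INLINE = HEADERS + "<html><head><style>p { color: #333; }</style></head><body><p>Hello</p></body></html>\n"

if __name__ == "__main__":
    print(remote_stylesheets(SAMPLE_REMOTE), remote_stylesheets(SAMPLE_INLINE))
```

A hit is not proof of an attack, since legitimate HTML email also links remote CSS; it marks messages whose displayed content can still change after the filters have scanned them.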

The researchers that identified the hack cannot say with 100% certainty where and how this hack is being used. Allegedly, users of Apple Mail, Microsoft Outlook, and Mozilla Thunderbird are all vulnerable to this attack. Hundreds of millions of users are at risk.

How can you protect yourself?

Hacks like these show just how creative hackers get. As users get smarter and more aware of hackers’ sneaky ways, hackers develop more sophisticated hacks. This way, they are able to steal your data, privacy, and finances, despite the security measures you have taken to protect yourself. These new hacks are meant to trick even the most cautious and aware tech users.

Still, this is just another attempt at social engineering that can be spotted and successfully reported, with the proper security measures in place. This can only happen if users are aware of basic cyber security hygiene principles.

Our security operations leader Kestas shares his best tips about staying safe:

  • Make sure you know the email sender before opening an email.
  • Think before you click. Some email clients start rendering email content as soon as you click on the email. If you have doubts about the legitimacy of the actual email message, don’t even click on it.
  • Ignore unusual messages. Did you expect the email you received? Does it seem unusual? If so, just ignore it.
  • Be 100% sure. Be vigilant about generic-looking requests to provide personal information. Keep a lookout for poorly designed email forms. Never respond with personal information if you are not 100% sure the email is legit.
  • Remember: legitimate companies will always redirect you to a secure website, rather than asking for passwords and other information in an email response.
  • Keep your browser and other software up to date. Make sure you take a few minutes to update your computer/phone as soon as new security updates are available.
  • Stay up to date. Make sure you maintain proper tools and software (such as a firewall) to fight against phishing and other means of social engineering.
