Thursday, June 09, 2011

My Email Canary

Despite the fact that I use really long passwords and two-factor authentication wherever it's available, I still worry that someone might break into my online accounts. And my greatest worry is my Google Mail account.

In fact, everyone should be worrying about their online email accounts, because an email account is the Achilles' heel of an online identity. So much information passes through your personal email that it's a gold mine for an attacker. Just imagine what could be done with the information in your online email account. Think of all the password reminders and password reset messages: access to your email means that an attacker could likely access many other accounts you own, simply by requesting a reset and reading the link that arrives.

So, for my email I built in a canary: a tempting-looking email that's sitting in my inbox, that's entirely fake and designed to tempt an attacker into clicking on it. Here's a shot of my inbox:

That starred email from "Barclays Private Banking" is entirely fake. If you click it you'll see the following:

In clicking on it you've activated the canary. The company logo at the bottom is loaded externally from a private server that I own. On that server a script logs the complete information about the machine that loaded the picture and sends a text message to my phone:
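The server side of this is small. The following is an added example, not the script from the original post: a WSGI application that serves an image at a URL containing a secret token, records what the request reveals about the client that fetched it, and calls an alert hook. The token value, the URL path, the `notify` function (which here just appends to a list and prints, where the original sent an SMS) and the 1x1 GIF served in place of the company logo are all assumptions of this example.

```python
"""Email canary image server (illustrative example, not the original post's code)."""
import datetime
import wsgiref.simple_server

# Hypothetical secret token embedded in the canary email's image URL, so that
# only a fetch of the planted message (not a crawler hitting /) trips the alarm.
CANARY_TOKEN = "7f3a9c"  # constructed example value

# Smallest valid 1x1 transparent GIF, served in place of the author's logo image.
PIXEL_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04"
    b"\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)

# Stand-in for the SMS gateway in the original post: tripped records land here.
ALERTS = []


def build_record(environ):
    """Collect what the HTTP request reveals about the client that loaded the image."""
    return {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "remote_addr": environ.get("REMOTE_ADDR", ""),
        # Added by proxies and load balancers, but also client-controllable: log it, don't trust it.
        "x_forwarded_for": environ.get("HTTP_X_FORWARDED_FOR", ""),
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "accept_language": environ.get("HTTP_ACCEPT_LANGUAGE", ""),
        "referer": environ.get("HTTP_REFERER", ""),
        "path": environ.get("PATH_INFO", ""),
        "query": environ.get("QUERY_STRING", ""),
    }


def is_canary(environ):
    """True only for the planted image URL (/canary/<token>.gif)."""
    return environ.get("PATH_INFO", "") == f"/canary/{CANARY_TOKEN}.gif"


def notify(record):
    """Alert hook. The original post sent a text message here; this example
    records the hit in memory and prints it."""
    ALERTS.append(record)
    print("CANARY TRIPPED:", record)


def canary_app(environ, start_response):
    """WSGI app: serve the image and raise the alarm when the canary URL is fetched."""
    if not is_canary(environ):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    notify(build_record(environ))
    headers = [
        ("Content-Type", "image/gif"),
        ("Content-Length", str(len(PIXEL_GIF))),
        # Defeat caching so every open of the message, not just the first, reaches the server.
        ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
        ("Pragma", "no-cache"),
        ("Expires", "0"),
    ]
    start_response("200 OK", headers)
    return [PIXEL_GIF]


def handle(environ):
    """Run canary_app on a WSGI environ and return (status, headers, body); used for testing."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(canary_app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    with wsgiref.simple_server.make_server("127.0.0.1", 8080, canary_app) as httpd:
        print(f"Canary image URL: http://127.0.0.1:8080/canary/{CANARY_TOKEN}.gif")
        httpd.serve_forever()
```

Two practical caveats. First, the `Cache-Control: no-store` headers matter: without them a browser or intermediate cache may satisfy a second open of the message without contacting the server, and the alarm fires only once. Second, the IP address and User-Agent you log are those of whatever fetched the image; a webmail provider that proxies remote images (Gmail has done so since late 2013) will show the proxy's address rather than the attacker's, though the alert itself still fires because the proxy only fetches when the message is opened.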

What I wonder is if there's a commercial monitoring service that could be made out of this idea. For example, a service could insert canary images into online services and monitor when the canary is activated, looking for odd behaviour. Clearly, it would require the cooperation of the vendors of online services to make it work, but perhaps that can be worked out with some sort of revenue share.


If you enjoyed this blog post, you might enjoy my travel book for people interested in science and technology: The Geek Atlas.


