Millions of fake emails are sent every month by scam artists. And
unfortunately, while many of us can make out if an email is fake by reading it,
elderly people can’t. They fall for these scams, call the number in these
emails and give away credit card information easily. You read about it in the
newspapers every day.
But it's not just the elderly who fall for these scams these days. Scams have become much easier
for the bad guys. You don’t even need to call anyone to hack them and their
accounts. A simple click on a link or downloading a document is enough.
And today, we’re going to look at one such case.
So, you’re chilling at home on a Sunday and receive an email from your
boss. You’re getting a raise! All your hard work has finally paid off. But you
don’t remember your boss telling you anything about it at work, so you’re a
little suspicious. But then, you check the email ID the message has come from
and it says ceo@yourcompanyname.com.
Well, the email ID is legit, your boss has sent you emails from that same
address before. Surely, this isn’t a phishing scam. Until you realize, it is.
It is very easy to impersonate email identities. I could send you
an email from president@usa.gov and you
won’t have a clue if this email is real or fake. Let’s understand how.
First, we'll start with this scammy email I've sent to myself for demonstration.
The Email Address (ceo@yourcompanyname.com) looks legit. The
average Joe would definitely click on the malicious link that could compromise
his laptop/computer. But let’s try to figure out if this email is real.
Click on the three dots on the top right corner of the email you have received.
Now, you'll see a number of options to select from. We're going to click on "Show Original".
This will open the email header, which shows a bunch of information that will seem like Greek and Latin to you. But that's okay, we don't need to know what all of this is.
Now, there are two ways to go from here.
One is to copy all of this raw text that we don’t
understand and paste it into an automated ‘Email Header Analyzer’. Just Google
“Email Header Analyzer” and click on the first link that shows up
(mxtoolbox.com is a trusted analyzer). The analyzer will tell you if the mail
is legit or fake. This is an automated process and very easy, so we’re not
going to cover it. If you have any problems with this, feel free to contact
us and we’ll be happy to help.
The second method is a little more manual.
If you scroll down to the raw information part of the header, you'll find something strange in the "Received:" section of the email header.
It says the email comes from localhost at emkei.cz. That is
strange. Let’s try to Google what emkei.cz is.
And to our surprise (well, not really), emkei.cz is a fake email generator website.
This is the same website I used to send myself that fake email. And there are hundreds of such fake email generators out there. The attacker writes the mail with one additional field: "From email". This will be the sender’s email for the fake mail sent to a victim. Whatever mail ID the attacker enters here will be visible as the sender ID to the victim.
The attacker can add malicious links, documents, executables with payloads to the mail, and get access to the victim’s computer easily. And that’s about it. That easy.
The lesson here is you cannot just rely on the email ID the mail comes from. There are ways to spoof the mail address. Be sure to check the email headers if and when you receive emails that you aren't expecting.
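
The manual check above, sketched in Python as an added example (not from the original post): it reads the From: domain and the hosts named in the Received: lines, then lists relay hosts that belong to neither the sender's domain nor your own mail provider. The sample header is constructed; `mailprovider.example`, the IP addresses and the ids are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers modelled on the article's demo message.
# Everything except emkei.cz and the From: address is a placeholder.
SAMPLE = (
    "Received: from emkei.cz (emkei.cz [203.0.113.5])\n"
    "\tby mx.mailprovider.example with ESMTPS id a1;\n"
    "\tSun, 01 Jan 2023 10:00:03 +0000\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby emkei.cz (Postfix) with ESMTP id b2;\n"
    "\tSun, 01 Jan 2023 10:00:01 +0000\n"
    "From: CEO <ceo@yourcompanyname.com>\n"
    "To: you@mailprovider.example\n"
    "Subject: You're getting a raise!\n"
    "\n"
    "Click here.\n"
)

# Hostname that follows the "from" or "by" keyword of a Received: header.
HOST = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")

def relay_hosts(msg):
    """Hosts named after 'from'/'by' in each Received header, newest first."""
    hosts = []
    for value in msg.get_all("Received", []):
        # Only look before ';' (what follows is the timestamp).
        for host in HOST.findall(value.split(";")[0]):
            host = host.lower().rstrip(".")
            if host not in hosts:
                hosts.append(host)
    return hosts

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def unexpected_relays(raw, own_domains):
    """Return (From: domain, relay hosts outside that domain and own_domains)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    expected = [from_domain, *own_domains, "localhost"]
    odd = [h for h in relay_hosts(msg)
           if not any(in_domain(h, d) for d in expected)]
    return from_domain, odd

if __name__ == "__main__":
    print(unexpected_relays(SAMPLE, ["mailprovider.example"]))
```

A non-empty result is a reason to look closer, not proof of forgery, since many organisations legitimately send through third-party mail services.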





