Email Fraud alerts – Ropemaker

It has become increasingly evident in recent years that the content of an email could feasibly be changed by the sender after it has been received and read by the recipient. With increasingly sophisticated tools and ever-evolving email fraud techniques, these changes can even be made from a remote site without direct access to the recipient’s computer. The consequences could be as simple as the terms of a contract being modified after sending or as serious as evidence in a criminal investigation being modified.

In this case, the future is now. ROPEMAKER is a form of cyberattack that takes advantage of the use of cascading style sheets (CSS) in HTML email. A CSS typically contains information about the format and layout of a document such as a webpage or an email. This enables web designers to separate the content of a webpage from the way the page looks, and to manipulate each independently of the other.

Google security engineer Francisco Ribeiro worked out a method for coding text as format or layout data in a CSS. Because the text of the message in the body of the email is then part of the CSS, and the CSS is held on a remote server, the text can be altered from that server at any time.

Webmail platforms such as Gmail, Yahoo Mail, Outlook.com and icloud.com are not affected by ROPEMAKER. However, email clients that reside on the user’s hardware, like Mozilla’s Thunderbird and the desktop and mobile versions of Outlook and Apple Mail, are vulnerable. Vulnerable systems can be protected by disabling HTML email and only allowing email to render in plain text. This is not an ideal solution as it looks terrible, but it does work.
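Where switching every client to plain text is not practical, a mail gateway or triage script can at least flag messages whose HTML part pulls its style sheet from a remote server. The following is an added example, not code from Mimecast or from the original article; it assumes the remote CSS is referenced through a `<link rel="stylesheet">` tag or an `@import` rule, and the function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

REMOTE = re.compile(r"(?:https?:)?//", re.I)
# @import "..." or @import url(...) with an absolute or protocol-relative URL
IMPORT = re.compile(r"""@import\s+(?:url\(\s*)?['"]?((?:https?:)?//[^'")\s;]+)""", re.I)

class RemoteStyleFinder(HTMLParser):
    """Collects stylesheet references that a mail client would fetch remotely."""
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "style":
            self._in_style = True
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower():
            if REMOTE.match(a.get("href", "").strip()):
                self.hits.append(("link", a["href"].strip()))

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:
            self.hits += [("import", u) for u in IMPORT.findall(data)]

def remote_css_refs(raw_message):
    """Return (kind, url) pairs for remote CSS in every text/html part."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteStyleFinder()
            finder.feed(part.get_content())
            finder.close()
            hits += finder.hits
    return hits

# Constructed sample message (not a real email); hosts use the reserved .invalid TLD.
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="https://css.example.invalid/mail.css">
<style>@import url("//css.example.invalid/extra.css");</style></head><body><p>Hello</p></body></html>
"""
```

A non-empty result from `remote_css_refs` means the message's appearance depends on content the sender can still change, which is a reasonable trigger for quarantine or for forcing plain-text rendering of that message.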

The best possible outcome for ROPEMAKER is that this is the last you’ll ever hear of it because malicious actors don’t use it for nefarious purposes. However, a defence that rests on hoping the bad thing doesn’t happen is no defence at all. Mimecast hopes that making their work on ROPEMAKER public will motivate security specialists to develop real defences so that if ROPEMAKER appears in the wild it can be countered quickly.

How can Frama help?

Frama RMail is a solution that makes using encryption easy for both sender and recipient, navigating many of the issues outlined above.

The sender simply uses a two-click system to send the encrypted email. The recipient does not need to install any software, open an account or log on to any portal to access the secure email message. The recipient opens the email in exactly the same way as any other email!

To ensure that the reply from the recipient is also encrypted, RMail provides an easy-to-use “reply encrypted” solution within every message received.


Due to this ease of use, RMail removes the perceived barrier to entry for encryption and provides a simple solution to a previously complicated problem, ensuring security and compliance when sending sensitive and/or financial data via email.

Source: Forbes.com
