Booby Trap your Email: catch common snoops

mousetrap THIS ARTICLE IS NOT SERIOUS DORKAGE. ANYONE SHOULD BE ABLE TO DO IT. You’re probably here because you suspect someone (parent, spouse, sibling, roomate, etc.) is reading your email. That’s the problem.  Before I describe the booby-trap I will insert this caveat:  Problems like this are best avoided from the get-go. Did you ever consider logging out of your facebook, hotmail, etc.,   and/or not leaving your computer on all the time? Didn’t think so. Secondly, what kind of a significant other would spy on you?  On the other hand,  if you act suspicious you deserve it. If it’s parents or your sister who’s graciously letting you sleep on her couch you could move out.  That would require you paying your own rent of course and may not be an attractive option for you. Thirdly why are you getting emails that you don’t want your near and dear ones to know about in the first place? OK, I withdraw that question. If you must get dicey emails, it’s not that hard to remove all footprints.  That does require a bit of work and we’d all rather not do that. Nah…… these bits of wise living advice are usually ignored.  You want to:

  • continue living with the snoop so you can continue eating their food
  • continue getting the dirty emails
  • not clean up after yourself
  • not get caught.

And besides, you would really like to trap someone in the act of snooping in your email, wouldn’t you?

This trap I’m about to describe is a simple one adapted from an article by Erik Larkin and Jeremiah Grossman. If your mom or significant other has any real hacking skills, they can get the bait without tripping the trap. But it will catch 99% of casual snoops.

What you’re going to do is make a “bait” email to yourself with a juicy-sounding  “from” address. This email will have a juicy sounding subject as well as an attachment with a hidden counter in it. When your target comes snooping around, he or she won’t be able to resist opening the attachment, which, of course, trips the booby trap. Wham! You got ’em!

STEP 1: CRAFT THE ATTACHMENT

Sign up for a free account at a free stats counter site.  If you don’t know one, use OneStat.com.  They will send you a link which, when clicked, will give you your tracking code.  Put this tracking code in a file called “sluttysexkittensteamypix.html”,  “raulandbrandyhavingfun04-08.html” (or whatever name you think is likely to lure your victim.)  Make sure the last part of the file name is .html and save it to your computer.

This is what mine looks like:

<!--ONESTAT SCRIPTCODE START-->
<!--
// Modification of this code is not allowed and will permanently disable your account!
// Account ID : xxxxxxxxxxxxx
// Website URL: put any website here
// Copyright (C) 2002-2007 OneStat.com All Rights Reserved
-->
<div id="OneStatTag"><table border='0' cellpadding='0' cellspacing='0'><tr><td align='center'>
<script type="text/javascript">
<!--
function OneStat_Pageview()
{
    var d=document;
    var sid="xxxxxxxx";
    var CONTENTSECTION="";
    var osp_URL=d.URL;
    var osp_Title=d.title;
    var t=new Date();
    var p="http"+(d.URL.indexOf('https:')==0?'s':'')+"://stat.onestat.com/stat.aspx?tagver=2&sid="+sid;
    p+="&url="+escape(osp_URL);
    p+="&ti="+escape(osp_Title);
    p+="§ion="+escape(CONTENTSECTION);
    p+="&rf="+escape(parent==self?document.referrer:top.document.referrer);
    p+="&tz="+escape(t.getTimezoneOffset());
    p+="&ch="+escape(t.getHours());
    p+="&js=1";
    p+="&ul="+escape(navigator.appName=="Netscape"?navigator.language:navigator.userLanguage);
    if(typeof(screen)=="object"){
       p+="&sr="+screen.width+"x"+screen.height;p+="&cd="+screen.colorDepth;
       p+="&jo="+(navigator.javaEnabled()?"Yes":"No");
    }
d.write('<a href="http://www.onestatfree.com/aspx/login.aspx?sid='+sid+'" target=_blank><img id="ONESTAT_TAG" border="0" src="'+p+'" alt="This site tracked by OneStatFree.com. Get your own free site tracker."></'+'a>');
}

OneStat_Pageview();
//-->
</script>
<noscript>
<a href="http://www.onestatfree.com"><img border="0" src="http://stat.onestat.com/stat.aspx?tagver=2&sid=516777&js=No&" ALT="web site analysis"></a>
</noscript>

STEP 2:  GET A FREE HOTMAIL ACCOUNT

Make the name something extremely sexy or juicy.  Use your imagination.  You know your victim and what is likely to tempt them.

STEP 3:  SEND AN EMAIL TO YOURSELF

From your new sexy hotmail account, send an email to yourself at your main email that you think is being snooped.  Make up an extremely juicy subject line, like “XXX pictures from last weekend.”  The body can be “Please don’t let anyone see this. WINK WINK”  Attach the html file with the tracking code.  Make sure you receive the email.  If it falls in your spam folder, move it to your “good” folder.  If you don’t receive it,  either hotmail, your ISP, or your email client might have thought it was too hot to handle and blew it away “for your own good.”

Once you receive the rigged email,  all you  do is sit back and wait.  After a few days, log in at OneStat and see if anyone has hit your counter.  If they have, it will look like this:

onestat-hit-tripAt the left is a menu and if you select Visits>Last Visitors you can see information about who tripped the counter and when they did it.   Compare the ip address against yours.  If they are the same, then you know someone at your location snooped on you and you probably know who it is.    If the ip addresses are different you have a bigger problem.

28 comments to Booby Trap your Email: catch common snoops

  • I like it! I have to try this out – thanks!

  • I got amused–and educated–after reading this blog. A horrible coworker (who always snoops around my assignments–and imitates them) had set a ‘booby trap’ as you call it, to set me up. She wanted me to catch on doing something that look like I’m snooping on her: caught-in-the-act. Good thing, I’d learned to ignore her a long time ago so I didn’t bite into her trap. Hmmm… I think I’ll use this one on her. Maybe, it’s time to get even. What d’ya think? 😀

  • Give it a shot and see if you can nail her. If she’s truly as horrible as you say she deserves every bit of poo that can be flung at her. And I do know such people exist. I’ve worked with them too. Might be fun!

  • Woah it’s that simple? I guess noone snoops in my account since my password is a random string of 16 characters and I always clean everything before leaving the browser but still I might do it just in case.

  • Very interesting idea. While it probably would not catch or be effective against a real hacker, it does offer a very easy way to catch a snooping girlfriend or coworker.

  • Looks very interesting indeed. Well, this really wont work against someone pro in hacking but definitely will work with almost everyone who are really interested in knowing what you are up to and they act as voyeurs and spy on you. Some do it if they doubt that you are in some kind of wrong-doing and some just for sheer fun and that extra spice that you might have in your daily scheme of things.

  • I enjoyed this post very much! Describing the scenario of living on a sister’s couch strikes a chord, I have to say! In any case, count your blessings and be discrete with your online naughtiness, I say!

    Jokes aside, this is a cool trick to verify if there is snooping taking place….if you really want to know, or care about it.

  • admin

    I’m so boring I would have to PAY people to snoop in my email.

  • I can see someone loving this and taking it really personal. I think what will amaze me the most will be catching up my own dad or mom snooping my mails.lol
    Definitely,definitely going to give this a go..

  • Yet another eye opener for those of us that think we can’t be scammed. I’ve fallen for this before and will tell you that anyone ,no matter how cautious – can be a victim.

  • Hahah, finally I have a way to catch my GF red-handed! I’ve been suspecting she’s been going through my mail but when confronted – she denied it. Now I have the way to obtain real evidence, and I’m not going to pass on it. Wonder what she’ll do to make it up to me, eh ?;)

  • Wow good idea, I might try it out but I don’t think someone from my house snoops my mails.Isn’t it easier if you have two mails for all those good and bad stuff. he..he..
    -Ben.

  • That’s pretty simple, too! Any way you can get it to take a photo of them with their webcam too so you know who it is?! :o)

  • admin

    Robinhood: to do what you suggested is possible. However it would require some programming. You would have to have the webcam on, and you would write a script that would actually talk to the hardware and capture ten seconds of video or so and save it to the hard disk. You would also need something more elaborate than a simple third party web counter in your baitmail. It would have to be a javascript that triggered your camera script. In most situations you have a pretty good idea who the snoop is. I, for example, would feel very flattered indeed if *ANYONE* thought my email was interesting enough to snoop in.

  • I have to share this with my friend, who’s overly paranoid that someone is sniffing through her emails.

  • Can’t wait to try this one. But I’ll never use it to hurt someone. Just want to try if it really works!

  • I think everybody should have the do follow plugin installed.Thanks for the post and the information. It is really hard to find the right plug-in. I tried the “you comment, I follow” one but I did not realize that there were additional settings to make it work correctly (i.e. nofollow)

  • This sounds great, could have a good laugh with some mates with it thanks.

  • Someone

    Very clever. ^_^

    Of course, you should just protect your emails in the first place by using a strong password for your Windows account and making your data private using control panel… xD Of course, ALWAYS ALWAYS ALWAYS go Start Menu > Log Off > Switch User before leaving your computer unattended.

    Of course, it’s still a good way to catch ****s in your life who don’t give a **** about your privacy… Lets you know whom you can really trust in other contexts without getting stabbed in the back… (i.e. if you catch your sister ****ing around with your emails, then why should you trust her with any information?)

  • As for me – I think it is very difficult..

  • little is complicated. I need to read it again hehe I greet all

  • Good idea, never thought of this before, thanks

  • lol-this is soo sneaky but soo good. Luckily I use gmail and it will tell you the last time you logged in, assuming that you log out after reading your emails. It will also tell you if a different IP address was used.

  • I appreciate seeing sites that comprehend the worth of providing a prime useful resource,his help to make this website worth coming back to for even more info,3$

  • The Zune concentrates on being a Portable Media Player. Not a web browser. Not a game machine. Maybe in the future it’ll do even better in those areas, but for now it’s a fantastic way to organize and listen to your music and videos, and is without peer in that regard. The iPod’s strengths are its web browsing and apps. If those sound more compelling, perhaps it is your best choice.

  • yeah,I just believed you may well need to realize that your weblog is messed up whenever you view it on my iphone. I?m not sure if it has some thing to complete with my phone?s browser or your site? just declaring…

  • Looking very funny. this really will not work against hackers but definitely will work for genuine users.

A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.