IP geolocation suspicious email messages

As the Internet and electronic mail continue to be utilized by an ever increasing number of users, so does fraudulent and criminal activity via the Internet and email increase. The negative effects of cybercrime activities on the use of the Internet for e-business and secure communications increased interest in studying the factors that motivate these criminals, their tactics and what can be done to mitigate their activities. The research in the area of email analysis usually focuses on two areas, email traffic analysis and email content analysis, but very poor in the area of visual analytics of emails. The paper presents the software for visualizing suspicious email messages based on the information provided in the email header (rather than the content of the email). This IP mapping tool, called MIPA, uses a Google Map to display the geographic position and integrates InfoDB, WhoIS databases, and the Google Maps API. Thus, the proposed work can be helpful for identifying and investigating suspicious email messages and also assist the investigators to get the information in time to take effective actions to reduce the criminal activities.