Eavesdropping is a passive attack in which an attacker gains access to the communication-medium through which some communication is taking place and then listens to the communication and gets information about the content of the message.
Eavesdropping can be carried out through all communication devices and media of todaytelephone systems, emails, instant messaging, other Internet services (e.g., chat rooms, social networking websites etc.), mobile devices etc. Eavesdropping activities do not affect normal operation of transmission and communication ; thus both the sender and the recipient can hardly notice that the data has been stolen, intercepted or defaced.
For ex'ample, while sending emails, if the email message is not encrypted and digital signature has not been used, then the attacker can exploit these security loopholes. Because of these security lapses, the attacker can launch a Man-in-the-Middle attack on the network and intercept the message being transmitted. The attacker can then deface the message and send it to the recipient. The recipient is then deceived into believing the defaced message is the real message and mav act as per the defaced messacæ and may provide personal or sensitive information.
Similarly sending or providing confidential information over insecure protocols like HTTP makes the information more prone to eavesdropping attack.