UNMASK can represent two things. First, it can mean a utility that is used to “unhide” passwords that are hidden behind asterisks in forms. Secondly, UnMASK (notice the slight difference in the way it is spelt) can refer to Undercover Multi-purpose Anti-Spoofing Kit, a technology that is being used on an experimental basis to counter phishing activities on the internet.

The two applications (password decryption and anti-phishing technology) seem related in that some degree of decryption is involved. A brief discussion of the former will be undertaken but the article will largely dwell on the latter.
UNMASK – Password Decryption

Passwords are usually hidden under asterisks for the purpose of maintaining security. But sometimes the user may forget the password. You can use UNMASK password recovery wizard to rescue forgotten or saved passwords on applications such as email accounts, online shopping store accounts, magazine subscriptions and so on.
UnMASK – Anti-phishing Technology

Phishing refers to the sending of unsolicited email to a group of people designed to lure them into revealing personal data which can then be used to perform mostly illegal activities.

Because of the rise of the practice called phishing, which involved using email to direct users to spoofed sites and then tricking them to reveal personal data, UnMASK can help cyber police uncover phishing schemes by investigating email headers in combination with other things like IP addresses to generate information about the email trajectory.

UnMASK uses UNIX tools such as whois, dig and traceroute and generates information which is then stored in a database.
UnMASK Components

UnMASK contains three main components: a web-based user interface, a UNIX tool system and a database system.

The user interface enables interaction between users and UnMASK to perform various tasks. Users may submit emails for analysis, and correlate such emails with certain properties by querying the system. UnMASK can identify the Internet Service Providers (ISPs) that forwarded the email, along with contact information. The connection between the web-based user interface and the UnMASK database is highly secure, given that users on the Internet can access UnMASK.

The database system combines all the components together and stores all the email related data.

It interacts with tools on a UNIX system to gather forensic information on email messages, which can then be used by police for the purposes of prosecution.
UnMASK and the Phishing Menace

The efforts directed at curbing phishing activities have been disproportionately directed at fake websites and not emails. To make matters worse, tools such as Spoofguard or Trustbar sometimes fail entirely to detect a spoof site or to communicate detection in a decisive manner. UnMASK is the comprehensive answer to the future phishing menace; not only does it help to forestall phishing activities over the internet; it also provides useful information that can help authorities prosecute cyberspace offenders.