Phishing

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.

Email Header:

Before we can say whether an email is phishing or not, we have to check some important header fields:

From: Indicates the name and email address of the sender.

To: Indicates the name and email address of the receiver. Fields like CC (carbon copy) and BCC (blind carbon copy) also fall under this category.

Date: This is the timestamp that shows when the email was sent.

Subject: The subject mentions the topic of the email.

Return-Path or Reply-To: If you reply to an email, it will go to the address mentioned in the Return-Path field.

DomainKeys and DKIM Signatures: DomainKeys and DomainKeys Identified Mail (DKIM) are email signatures that help email service providers identify and authenticate your emails, similar to SPF signatures.

Message-ID: Multipurpose Internet Mail Extensions (MIME) is an internet standard of encoding. It converts non-text content like images, videos, and other attachments into text so they can be attached to an email and sent through SMTP.

Received: The Received field lists each mail server the email passed through before arriving in the recipient's inbox. The list is in reverse chronological order: the mail server at the top is the last server the message went through, and the bottom is where the email originated.

Abnormal-Suspicious:

  • It is suspicious if the "From" field differs from the "Reply-To" field.

  • It is abnormal if the email is from someone you don't know (normal in some cases).

  • From the Date field you can tell when the sender sent the email, and so when they work.

  • Be careful with attractive subjects, like "your credential is about to end renew it now".

  • You also have to research the domain the email was sent from: whether the domain appeared recently or shows any suspicious behavior. You can look it up at mxtoolbox.com.

  • This examination also checks for spoofing by checking the DMARC, DKIM, and SPF methods.

  • DMARC, DKIM, and SPF are three email authentication methods. Together, they help prevent spammers, phishers, and other unauthorized parties from sending emails on behalf of a domain they do not own.

  • DKIM and SPF can be compared to a business license or a doctor's medical degree displayed on the wall of an office — they help demonstrate legitimacy.

  • If the email has any attachments, DON'T TRY to open them. If it contains a URL link, examine it at https://www.virustotal.com; a good site for opening the link safely is https://www.browserling.com. If the attachment is a file, examine it at VirusTotal first; another option is to open it in a virtual machine.
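
The header checks listed above, as an added Python example that is not part of the original page: it compares the From domain with Reply-To and Return-Path, reads the SPF, DKIM and DMARC verdicts, and orders the Received chain from origin to inbox. The sample message is constructed, and the code assumes the receiving server recorded its verdicts in an Authentication-Results header, which this page does not mention.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); example.* domains are reserved for documentation.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Mon, 01 Jan 2024 10:00:05 +0000
Received: from unknown (host.example.net [198.51.100.7])
\tby mx.recipient.example; Mon, 01 Jan 2024 10:00:02 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
Reply-To: "Bank Support" <helpdesk@example.org>
To: <user@recipient.example>
Subject: Your credential is about to end, renew it now
Date: Mon, 01 Jan 2024 10:00:00 +0000

Click the link to renew.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    for field in ("Reply-To", "Return-Path"):
        dom = domain(msg[field])
        if dom and dom != from_dom:
            findings.append(f"{field} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving server (assumed present here).
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim", "dmarc"):
        verdict = results.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method} result is {verdict}")
    # Received headers are newest-first; reverse them to read the path from origin to inbox.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    return findings, hops

if __name__ == "__main__":
    findings, hops = triage(SAMPLE)
    print("\n".join(findings + [f"hop: {h}" for h in hops]))
```

A finding here is a reason to look closer, not a verdict: legitimate bulk senders often use a different Return-Path domain, so weigh it together with the authentication results.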

There are many procedures to follow, but they protect you from falling prey to a phishing attack.

For questions feel free to message me.

Thank you
