How to analyze a suspicious mail when you find one in your inbox

What is phishing?

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The goal is to trick the email recipient into believing that the message is something they want or need (a request from their bank, for instance, or a note from someone in their company) and to click a link or download an attachment.

What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyberattacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.

What do you need to do when you see a suspicious mail in your inbox?

1) First check the subject line: phishing mails often contain spelling mistakes.
2) Check the envelope and the header; they may not match. For example, if you work in an organization, the attacker may spoof the envelope with your company name while the header shows something different.
3) Check whether the body contains spelling mistakes.
4) Next, click on the three dots on the right side of the mail, click "Show original", copy the contents and paste them into the MxToolbox "Analyze Headers" tool.
5) Now you can see the sender and the return path; if they are different, you can consider the mail spoofed.
6) You will also be able to see the IP address; copy that IP and paste it into ipvoid.com or VirusTotal to check the reputation of the IP.
7) If you see any link from an external sender, don't click on it; copy the link and paste it into URLVoid, VirusTotal or Browserling. If the page asks for credentials, you can consider it a phishing mail: block the sender and delete the mail from your inbox.
8) Most phishing mails contain links that ask for your passwords, credit card details or bill payments.
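The envelope/header, sender vs. return-path and originating-IP checks in the list above can also be run against a saved "Show original" copy of the message. The Python script below is an added example (not part of the original post): it parses a constructed spoofed header, compares the From and Return-Path domains, and pulls the originating IP from the earliest Received hop for a reputation lookup. All addresses, hostnames and IPs in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: visible From claims the victim's own domain, while
# Return-Path and the earliest Received hop belong to someone else.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer-example.net>
Received: from mx.example.com (mx.example.com [198.51.100.7])
\tby inbox.example.com with ESMTPS; Mon, 1 Jan 2024 09:00:00 +0000
Received: from unknown (HELO example.com) (203.0.113.45)
\tby mx.example.com with SMTP; Mon, 1 Jan 2024 08:59:58 +0000
From: IT Helpdesk <helpdesk@example.com>
To: user@example.com
Subject: Action required: verify your account

Please verify your account before it is suspended.
"""

def domain_of(addr_header):
    """Return the lowercase domain part of an address header, '' if none."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def received_ips(msg):
    """Collect IPv4 literals from Received headers, newest hop first."""
    ips = []
    for hop in msg.get_all("Received", []):
        ips.extend(re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", hop))
    return ips

def analyze(raw):
    """Apply the header checks from the list above to a raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    return_dom = domain_of(msg.get("Return-Path"))
    ips = received_ips(msg)
    return {
        "from_domain": from_dom,
        "return_path_domain": return_dom,
        # Sender and return path differ -> treat the mail as spoofed
        "spoof_suspected": from_dom != return_dom,
        # The last Received header is the earliest hop, so its IP is the
        # one to look up on ipvoid.com / VirusTotal
        "origin_ip": ips[-1] if ips else None,
        "hop_count": len(msg.get_all("Received", [])),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_RAW))
```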

MxToolbox: You can do header analysis with MxToolbox; it shows you where the mail came from, how long it took to reach your inbox, and the complete path the mail followed.

MxToolbox link: https://mxtoolbox.com/

URLVoid: When you get a suspicious link, copy it and paste it into URLVoid. It shows you a screenshot of the page, the date on which the domain was registered, and the IP address behind the link the attacker sent.

URLVoid link: https://www.urlvoid.com/

Browserling: If you get a suspicious link, copy it and paste it into this website; you will be able to see what the link contains.

Browserling link: https://www.browserling.com/

IPVoid: If you get an IP address after checking in URLVoid or VirusTotal, copy that IP and paste it into IPVoid to see the IP reputation.

IPVoid link: https://www.ipvoid.com/
