Hey guys, it’s me Dheeraj Yadav and in today’s blog, we will learn about all the techniques used for analyzing email and verifying if it’s legit or not.
This blog is useful for everyone, from a normal internet user to the CISO of an MNC. It is designed so that you should not get any false positives.
Phishing is a type of online scam in which hackers send fake emails pretending to be from a legitimate company or individual in order to steal sensitive information such as login credentials, financial information, or personal data. These emails often contain links to malicious websites or attachments that, when clicked or downloaded, can infect the recipient’s computer with malware.
Phishing attacks have become increasingly sophisticated over the years, and hackers are constantly finding new ways to trick people into falling for their scams. In 2019, phishing attacks resulted in more than $12 billion in losses worldwide. It is crucial for individuals and organizations to be able to identify and analyze phishing emails in order to protect themselves from these attacks.
In this blog, we will only be covering email phishing, but some of the techniques can still be applied to other kinds of phishing attacks too.
For learning about other types of phishing attacks, refer to Different Types of Phishing Attacks
First, go through the traditional ways of identifying phishing emails, which are as follows –
By being aware of these signs and using caution when opening emails and clicking links, you can protect yourself from phishing attacks. It is also a good idea to use antivirus software and to be careful about the websites you visit and the attachments you open.
Now, let me tell you the techniques I personally use which have given me 100% successful results to date.
1. First of all, check it for spoofing. Start by examining the sender's email address closely; also try opening the domain that sent the email and perform a WHOIS lookup on the domain of the sender's address. Once you are satisfied that the sender's address is what it should be, check for spoofing, since the email may have been sent by spoofing that address. To check this, open the raw data of that particular mail or download it in .eml format, copy the IP address mentioned in the email header named Received or Received by, and perform a reverse IP lookup using any tool like https://mxtoolbox.com/ReverseLookup.aspx
If the resulting details match the sender's mail, it is not a spoofed mail; otherwise it is a plain spoofed email.
Also, pay close attention to the Reply-To header of that email. Sometimes it is different from the sender's email, and that is also a sign of a phishing attack, but sometimes it differs for legitimate reasons, so think wisely.
These are some ways you can check that it is not a spoofed email.
But what if it was sent from an email ID that has been hacked?
To be safe from this, search the sender's email on websites like https://breachdirectory.org/ , https://haveibeenpwned.com/ , etc.
2. Pay attention to all the links mentioned in that email (including those hidden behind an href), and perform a WHOIS lookup on them to check that they are not redirecting you to a malicious website.
URL / IP Reputation check >>
3. File Analysis — There may be a chance that the email has some files as attachments, and those can also be malicious. So, before opening those files directly, first scan them for viruses by uploading them to a website like virustotal.com and the following websites –
⌘ File Hash check >> https://lnkd.in/gNqxtn4d
⌘ online sandboxing >> https://any.run/
⌘ online sandboxing >> https://lnkd.in/gaRGY8kB
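The three checks above, pulled out of a raw .eml by a script: the Received-header IPs and Reply-To mismatch from step 1, the real href targets from step 2, and the attachment hashes from step 3. This is an added example, not code from the original post or from PhishTool; the message is a constructed sample, and the reverse IP, WHOIS and VirusTotal lookups are still done by hand with the values it returns.

```python
import email, hashlib, re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real email): mismatched Reply-To, a link whose
# visible text disagrees with its href, and one base64-encoded attachment.
RAW_EMAIL = b"""Received: from mail.example.com (mail.example.com [203.0.113.5])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.org
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Click <a href="http://198.51.100.9/reset">https://example.com/reset</a></p>
--B
Content-Type: application/octet-stream; name="invoice.bin"
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--B--
"""
HREF_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def domain_of(addr):
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()

def analyze(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"]) if msg["Reply-To"] else sender
    # Step 1: IPs from Received headers to reverse-lookup; Reply-To on another domain is flagged.
    ips = [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(h)]
    # Step 2: every href in HTML parts; flag anchors whose visible URL differs from the target.
    links = [pair for p in msg.walk() if p.get_content_type() == "text/html"
             for pair in HREF_RE.findall(p.get_payload(decode=True).decode("utf-8", "replace"))]
    disguised = [(href, text) for href, text in links
                 if text.strip().startswith("http") and text.strip() != href]
    # Step 3: hash each attachment so it can be checked on VirusTotal without opening it.
    files = [(p.get_filename(), sha256_hex(p.get_payload(decode=True)))
             for p in msg.iter_attachments()]
    return {"sender_domain": sender, "reply_to_mismatch": reply_to != sender,
            "received_ips": ips, "disguised_links": disguised, "attachments": files}
```

Run `analyze(open("mail.eml", "rb").read())` on a downloaded .eml to get the same report for a real message.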
These are the basic techniques you must follow while analyzing any email.
Now, here comes the best tool which is an all in one phishing analysis tool, https://www.phishtool.com/
Yes, in order to make this process easy, we are developing an all-in-one email phishing analysis tool that will perform all the above techniques automatically and also use some intelligence. We are still implementing it.
Follow me on Twitter, as that is where we will announce it once it's launched.
This is the end of this blog. Please let me know if I missed anything, or suggest improvements in the comments.
Thanks all for reading this write-up, follow me for more content like this in the future.
You can follow me to read my writeups on topics related to ethical hacking and cybersecurity, a few topics on technology, and the tips and tricks I use to save time and get better results.