Hey guys, it’s me Dheeraj Yadav and in today’s blog, we will learn about all the techniques used for analyzing email and verifying if it’s legit or not.

This blog is useful for everyone ranging from a normal internet user to CISO of an M.N.C. The blog is designed in such a way that there would be no way that you got any false positives.

What is Phishing?

Phishing is a type of online scam in which hackers send fake emails pretending to be from a legitimate company or individual in order to steal sensitive information such as login credentials, financial information, or personal data. These emails often contain links to malicious websites or attachments that, when clicked or downloaded, can infect the recipient’s computer with malware.

Phishing attacks have become increasingly sophisticated over the years, and hackers are constantly finding new ways to trick people into falling for their scams. In 2019, phishing attacks resulted in more than $12 billion in losses worldwide. It is crucial for individuals and organizations to be able to identify and analyze phishing emails in order to protect themselves from these attacks.

In this blog, we will only be targeting email phishing but some techniques can still be applied in performing other phishing attacks too.

For learning about other types of phishing attacks, refer to Different Types of Phishing Attacks

How to identify phishing Emails?

Firstly once go through the traditional ways of identifying phishing emails and those are as follows –

1. Look for unusual or suspicious sender names or email addresses. Hackers often use fake names or variations of real names to make the email appear legitimate. They may also use domains that are similar to, but not exactly the same as, the real company’s domain. For example, if you receive an email from a supposed colleague at your company, but the email address is slightly different than their usual address, it could be a phishing attempt.
2. Check the email for spelling and grammar mistakes. Legitimate companies usually have a team of professionals who carefully proofread all of their communications. If the email contains numerous errors, it is likely to be a phishing attempt.
3. Be wary of emails that contain urgent or threatening language. Phishing emails often try to scare the recipient into taking immediate action, such as clicking a link or downloading an attachment. They may use language such as “Your account will be suspended if you do not take action immediately,” or “You will be in legal trouble if you do not respond.” These types of emails should be treated with caution.
4. Inspect links carefully before clicking on them. If you hover your mouse over a link, your email client should display the true destination of the link. If the link does not match the text that it is supposed to be associated with, or if the destination seems suspicious, do not click on it. You can also check the link manually by hovering over it with your mouse and looking at the bottom left corner of your screen. This will show you the true destination of the link.
5. Be cautious of emails that ask for personal information. Legitimate companies will not ask for sensitive information such as login credentials or financial information via email. If you receive an email asking for this type of information, it is likely to be a phishing attempt.

By being aware of these signs and using caution when opening emails and clicking links, you can protect yourself from phishing attacks. It is also a good idea to use antivirus software and to be careful about the websites you visit and the attachments you open.

Now, let me tell you the techniques I personally use which have given me 100% successful results to date.

1. Verifying the Sender –

First of all what you should do is checking it for spoofing. For this, first check the senders email closely, also try to open the domain which sended that email, also perform whois lookup on the domain on the senders email. Once you think that the senders email is the same as it should be. Check it for spoofing, like it may be possible that has sended the email via spoofing. For checking this, open the raw data of that particular mail or download that email in .eml format and copy the IP address mentioned in the email header named Recieved or Recieved by and perform the reverse IP lookup using any tool like https://mxtoolbox.com/ReverseLookup.aspx

If the resulted details match with the senders mail,its not a spoof mail otherwise its a simple spoofed email.

Also, pay a close attention to the reply to header of that email, sometime it is different from the senders email and that’s also a sign of phishing attack, but sometimes its different due to some reasons, so think wisely.

These are some ways, you can check if its not a spoofed email.

But what if its sended from a email id which has been hacker?

In order to being safe from this, search the senders email on websites like https://breachdirectory.org/ , https://haveibeenpwned.com/ , etc.

2. Paying attention to all the links mentioned in that email (including those which are mentioned using href ) , perform whois lookup on those to check if they are not redirecting you to any malicious website.

URL / IP Reputation check >>

⌘ https://lnkd.in/gNqxtn4d

⌘ https://urlscan.io/

⌘ https://lnkd.in/g7uWdC5q

⌘ https://www.abuseipdb.com/

3. File Analysis — Their maybe chances that email has some files as an attachment and those can also be malicious. So, before opening those files direct, firstly scan them for virused by uploading those on website like virustotal.com and the following website –

⌘ File Hash check >> https://lnkd.in/gNqxtn4d

⌘ online sandboxing >> https://any.run/

⌘ online sandboxing >> https://lnkd.in/gaRGY8kB

These are the basic techniques you must follow while analyzing any email.

Now, here comes the best tool which is an all in one phishing analysis tool, https://www.phishtool.com/

Anything else:

Yes, in order to make this process easy, we are developing an all-in-one email phishing analysis that will perform all the above techniques automatically and also use some intelligence. We are still in the implementation mode of that.

Follow me on Twitter as we will inform everyone about that once it’s launched using Twitter,

This is the end of this blog, please let me know if i missed anything or suggest improvements in the comments.

Thanks all for reading this write-up, follow me for more content like this in the future.

You can follow me for learning my writeups on topics related to ethical hacking and cybersecurity and a few topics on technology and to knowing my tips and tricks which I use to save my time and for better results.