In today’s digital age, emails are a prime target for scammers and cybercriminals. Identifying fake emails is crucial to protect yourself and your organization. Here’s a straightforward guide on how to spot suspicious emails and ensure your safety online.
Email Header Analysis
Examine the Email Header:
Email headers reveal detailed information about the email’s origin. Tools like MXToolbox can help analyze headers and spot discrepancies.
Steps:
- Open your mailbox and open the email you want to analyze, then click the "More" option.
- Click "Show original".
- A new tab will open. Copy the email header using the "Copy to clipboard" option.
- Open a new tab in Chrome, search for "email header analysis" or "MX toolbox", and paste the copied content there.
- It will analyze the email header and determine whether the email is legitimate or not.
Check the Received Path:
Verify that the email passed through legitimate mail servers to ensure it hasn’t been spoofed.
Case Scenario:
An employee receives an email from what appears to be their CEO, requesting an urgent transfer of funds. Examining the email header, they discover that the email originated from an unknown server, preventing a costly scam.
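The same header checks can be scripted. The following is an added example, not part of the original article: it parses a constructed header block modeled on the CEO scenario above, lists the Received path origin first, and flags failed authentication results and mismatched sender domains. The domains and IP addresses are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (placeholder domains, documentation-range IPs).
SAMPLE = """\
Received: from mail.unknown-host.example.net (unknown [203.0.113.45])
\tby mx.example.com with ESMTP id abc123; Mon, 3 Jun 2024 09:14:07 +0000
Received: from localhost (unknown [198.51.100.7])
\tby mail.unknown-host.example.net with SMTP; Mon, 3 Jun 2024 09:14:05 +0000
Authentication-Results: mx.example.com;
\tspf=fail smtp.mailfrom=unknown-host.example.net;
\tdkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@unknown-host.example.net>
From: "CEO Name" <ceo@example.com>
Reply-To: ceo.office@unknown-host.example.net
Subject: Urgent transfer

Please wire the funds today.
"""

def domain_of(value):
    """Domain part of an address header, lowercased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze_headers(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Bounce and reply addresses pointing away from the From domain are a spoofing sign.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # SPF/DKIM/DMARC verdicts recorded by the receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()):
        if result != "pass":
            findings.append(f"{mech}={result}")
    # Each server prepends its Received line, so reverse to read origin first.
    # Hops below your own mail server are sender-controlled and can be forged.
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?by\s+(\S+)", rcvd, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return findings, hops

if __name__ == "__main__":
    print(analyze_headers(SAMPLE))
```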
Reverse Email Lookup
Use Reverse Lookup Tools:
Websites like EmailRep or Hunter.io allow you to check the reputation and history of an email address.
Search Email Address Online:
A simple Google search can reveal if an email address has been linked to scams or spam reports.
Case Scenario:
A user receives an email offering a lucrative investment opportunity. A quick search reveals multiple reports of scams associated with the sender’s address, saving them from potential fraud.
Cross-Reference with Known Databases
Phishing Database Checks:
Use resources like PhishTank, Spamhaus, and the Anti-Phishing Working Group (APWG) to see if an email or its content is listed as malicious.
Case Scenario:
An IT professional receives an email with a suspicious attachment. Checking the email against PhishTank reveals it as a known phishing attempt, avoiding a malware infection.
Link and Attachment Verification
Hover to Reveal URLs:
Before clicking, hover your mouse over links to see the actual URL. This can help spot disguised links.
Use URL Expander Tools:
Tools like CheckShortURL expand shortened URLs to reveal the true destination.
Scan Attachments:
Use services like VirusTotal to scan email attachments for malware.
Case Scenario:
A user gets an email with a link to a “special offer.” Hovering over the link reveals a completely different URL. Using VirusTotal to scan the attachment confirms it contains malware, preventing a security breach.
Behavioral Analysis
Analyze Email Timing and Language:
Consider whether the timing of the email and the language used match previous legitimate communications from the sender.
Check for Unusual Requests:
Be wary of unusual requests, especially those involving financial transactions or personal information.
Case Scenario:
An accountant receives an email from a known client requesting a sudden change in payment details. Noticing unusual language and timing, they verify the request through a phone call, uncovering a phishing attempt.
Best Practices for Email Security in OSINT Investigations
Sandboxing:
Open suspicious emails in a sandbox environment, using virtual machines to analyze them without risking your main system.
Social Engineering Awareness:
Educate yourself and others on common social engineering tactics used in phishing attacks.
Use Secure Communication Channels:
If an email seems suspicious, verify its content through a different communication channel, like a phone call.
Monitor Email Behavior:
Keep an eye on email traffic within your organization to identify anomalies that might indicate phishing attempts.
Tools for OSINT Email Investigations
- EmailRep.io: Provides detailed reputation information about an email address, including its history of malicious activity.
- Maltego: A powerful tool for gathering and analyzing data to identify relationships and patterns.
- Have I Been Pwned?: Check if an email address has been involved in any known data breaches.
- Spiderfoot: Automates the collection of OSINT data to identify potential threats and risks associated with an email address.
Example of Checking a Suspicious Link
- Hover Over the Link: Inspect the visible URL for any discrepancies.
- Expand Shortened URLs: Use CheckShortURL.
- Submit to VirusTotal: Check the URL against multiple antivirus engines.
- Google Safe Browsing: See if the URL is flagged as dangerous.
- WHOIS Lookup: Get information about the domain’s age and ownership using Whois.net.
- Domain Reputation: Check the domain’s trustworthiness with Talos Intelligence.
By following these steps and using the recommended tools, you can effectively identify fake emails and protect yourself from potential threats. Stay vigilant and always verify before you click!