Unmasking Phishing: Analyzing Suspicious Emails

This post provides practical guidance on identifying and analyzing suspicious emails so that readers can protect themselves from phishing.


Thursday, 4 April, 2024

Phishing - Cyberwarehub

A phishing email is a fraudulent message designed to deceive individuals into providing sensitive information or taking harmful actions. These emails often appear to be from legitimate sources, like banks or trusted companies, but are sent by cybercriminals with malicious intent. They contain convincing messages, often urgent or enticing, to trick recipients into clicking on malicious links, downloading harmful attachments, or disclosing personal and financial information.

How to analyze a Phishing Email?

When examining a phishing email, it's essential to verify the sender's identity, look for grammar errors, refrain from clicking on suspicious links or downloading attachments, and confirm unusual requests with the sender through a separate channel. Compare the email's appearance to previous ones from the same sender and trust your instincts if anything seems unusual.

Let's explore genuine scenarios of phishing attacks to understand their tactics and implications.

Sample Scenario: 

Sarah, a finance manager at XYZ company, receives an urgent email from what appears to be the company's CEO, requesting all employees to update their banking details for a new payroll system. Without verifying the sender's identity, Sarah complies, disclosing sensitive financial information to cybercriminals.

Let’s begin with Email header analysis.

When you receive external emails from outside the network, ensure legitimacy through the following steps:

Identify the Sender's Email Address

The sender's email address is "John@xyz.co.uk". Determine whether the sender is internal or external, then validate the legitimacy of the domain "xyz.co.uk". In this case the domain looks legitimate at first glance, but it is not the company's valid domain.

Here is one of the sandbox results for the domain:

Sense of Urgency in the Subject

Typically, attackers craft the subject line with scare tactics to convince individuals to disclose personal information. When the email appears to come from a legitimate source, such as the CEO, recipients may feel pressured to provide the requested details promptly, without pausing to verify.

Grammatical and Spelling Mistakes in the subject

Next, it's important to examine the email body content. Nowadays, many attackers are more careful about grammar due to increased cybersecurity awareness. However, errors still occur, such as the word "Employees" written with a missing "E," as observed in this email.

Suspicious URL/Attachments

Finally, the email includes a URL the recipient is asked to open. The URL is a shortened link and appears suspicious. Let's examine the verdict on the URL from the sandbox.
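The header and body checks walked through above (sender domain, urgency in the subject, shortened links), applied to a constructed message modelled on the CEO/payroll scenario. This is an added triage example, not code from the original post; the internal domain list, shortener list and urgency words are assumptions, and it also reads the receiving server's SPF/DKIM result, which the post does not cover.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for the illustration: the company's real mail domain, a short
# list of link-shortener hosts, and words that signal pressure in a subject line.
INTERNAL_DOMAINS = {"xyz.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENT_WORDS = ("urgent", "immediately", "asap", "action required")

# Constructed sample message modelled on the CEO/payroll scenario in the post.
SAMPLE_EMAIL = """\
From: "CEO" <John@xyz.co.uk>
To: sarah@xyz.com
Subject: URGENT: all Employes must update payroll bank details today
Authentication-Results: mx.xyz.com; spf=fail smtp.mailfrom=xyz.co.uk; dkim=none

Please update your banking details here: http://bit.ly/payroll-update
"""


def analyze_email(raw: str) -> dict:
    """Apply the post's checks to a raw RFC 5322 message and return findings."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    subject = msg.get("Subject", "").lower()
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    urls = re.findall(r"https?://[^\s<>\"']+", body)

    findings = {
        "sender_domain": domain,
        # Step 1: is the sender internal or external to the company?
        "external_sender": domain not in INTERNAL_DOMAINS,
        # Same brand label as a company domain but a different registered domain
        # (xyz.co.uk vs xyz.com) is the lookalike pattern from the scenario.
        "lookalike_domain": any(
            domain != d and domain.split(".")[0] == d.split(".")[0] for d in INTERNAL_DOMAINS
        ),
        # Step 2: pressure language in the subject line.
        "urgent_subject": any(w in subject for w in URGENT_WORDS),
        # Step 3: shortened links hide the real destination.
        "shortened_urls": [u for u in urls if (urlparse(u).hostname or "") in URL_SHORTENERS],
        # Extra check: a failed SPF/DKIM result recorded by the receiving server.
        "auth_failed": "spf=fail" in auth or "dkim=fail" in auth,
    }
    hits = sum(bool(findings[k]) for k in ("lookalike_domain", "urgent_subject", "shortened_urls", "auth_failed"))
    findings["verdict"] = "suspicious" if hits >= 2 else "probably benign"
    return findings
```

Spelling errors such as "Employes" still need a human eye; the script only automates the mechanical checks.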

What Kind of Key Data Is Exposed in a Phishing Attack?

  1. Personal Identifiable Information (PII), including names, addresses, and social security numbers.

  2. Login credentials, encompassing usernames and passwords.

  3. Financial data, such as credit card numbers and bank account details.

  4. Sensitive corporate information, like trade secrets and proprietary data.

  5. Personal and business email addresses, which can be exploited for additional phishing attempts or social engineering attacks.

Happy Learning !!!