Saturday 19 December 2015

Message Header Analyzer (Microsoft & Google)

Spear-phishing attacks still happen and are still successful. According to Symantec: “The FBI estimates that the amount lost to BEC (Business Email Compromise) between October 2013 and August 2015 was over $1.2 billion. With such huge returns, it’s unlikely that these scams will cease any time soon.”

Symantec researchers also explained that “BEC attackers target senior-level employees rather than consumers as it’s easier to scam them out of large amounts. In one incident, we observed the scammers asking the target to transfer over US$370,000. By requesting large amounts of money, the scammers only need to be successful a couple of times to make a profit,”.

Usually spear-phishing emails are used for untargeted attacks. Lately we saw spear-phishing attacks becoming more targeted. An example is the CEO fraud attacks. A cyber criminal sends an email that appears to be from an executive (usually from the CEO to the CFO) asking for a specific payment to be processed immediately. The payment may be in any currently or even BitCoin(s). 

There are a couple of tools online that you can use to check the email headers of incoming emails. The email headers allow you to check if a suspicious incoming email is actually a spoofed email as part of a spear-phishing attack campaign.
In both cases, copy the email header from the email you received and paste it in one of the analyzer (or both). The analyzers will give you valuable information about the origin of the suspicious email, especially if the email is pretending to be from a legitimate sender but in reality it is being spoofed (see: spoofed email).

There is also a another website that will allow you to analyse the email header for free. However, you need to remember to delete the header from their records. This is done by a button when you scroll all the way down to the bottom of the results page. 

No comments:

Post a Comment