Find the Attacker Details in a Phishing Attack — Manually
Welcome everybody to learn about the steps to find the attacker information in a phishing attack.
There are two common types of
- Standard Phishing Attack
- Spear Phishing Attack
This article shows you how to find the details of the attacker in an email phishing attack.
Methods to identify email phishing attacks
- The email comes from an outside domain.
- The email contains malicious files and/or URLs.
- The email contains spelling/grammatical mistakes.
- The email demands money using emotional pressure.
Usually, all email phishing attacks are mitigated using sandbox ATP tool analysis such as Proofpoint, Cofense Triage, SonicWall, McAfee, and many more. With sandbox tools, such an email does not reach any user in the organization. If you find an email with the above-mentioned symptoms, follow the steps below to find the attacker's actual email details manually.
I have attached the sample email, which has the features of the phishing attack.
Here, Riley Gray is the bad guy. He is trying to fool one of the users in the organization with the fake email id of another user in the organization.
STEP 1: Extract the Headers
If you see an email similar to the one described above, the next step is to copy its email headers to the clipboard.
STEP 2: MxToolBox
MxToolBox is basically an open-source tool on the internet designed for email analysis such as DNS lookups, email health, header analysis, etc.
For this case, we use the Analysis Header option and paste the header from the clipboard into the empty box of the email header analyzer.
STEP 3: Header Analysis
There will be tons of information in the analysis section, but we dig into the IP address and the domain the email was received from.
If the sender is outside your domain, then we can confirm that he is definitely an attacker trying to phish you.
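The same header check from Steps 1 to 3 can be done offline. The following is an added example, not part of the original article: it parses pasted headers, finds the oldest `Received` hop stamped by your own mail servers (older hops can be forged by the sender), and lists which sender fields point outside your domain. The sample headers, `corp.example`, `sender.example` and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the article); hosts and IPs are
# reserved documentation values, corp.example stands in for your own domain.
SAMPLE = """\
Received: from mx.corp.example (mx.corp.example [10.0.0.5])
\tby mail.corp.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:05 +0000
Received: from smtp.sender.example (unknown [203.0.113.45])
\tby mx.corp.example with ESMTP id def456; Mon, 01 Jan 2024 10:00:02 +0000
Return-Path: <bounce@sender.example>
From: "Alice Smith" <alice.smith@corp.example>
Reply-To: riley.gray@sender.example
To: bob@corp.example
Subject: Urgent payment

body
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[((?:\d{1,3}\.){3}\d{1,3})\]")  # IPv4 literals only

def in_org(host, org):
    host = host.lower().rstrip(".;")
    return host == org or host.endswith("." + org)

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, org):
    msg = message_from_string(raw)
    boundary = None
    for rec in msg.get_all("Received", []):      # newest hop first
        line = " ".join(rec.split())             # unfold the header
        by, helo, ip = BY_RE.search(line), FROM_RE.search(line), IP_RE.search(line)
        if not (by and in_org(by.group(1), org)):
            break      # older hops were not stamped by our servers: forgeable
        if helo and ip:
            boundary = {"helo": helo.group(1).lower(), "ip": ip.group(1)}
    domains = {h: domain_of(msg.get(h)) for h in ("From", "Return-Path", "Reply-To")}
    return {
        "boundary_hop": boundary,
        "domains": domains,
        "outside_org": sorted(h for h, d in domains.items() if d and not in_org(d, org)),
        "external_relay": bool(boundary) and not in_org(boundary["helo"], org),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "corp.example"))
```

In the sample, `From` shows an internal address, yet the boundary hop and the `Return-Path`/`Reply-To` domains are external, which is the pattern of a spoofed internal sender.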
Please suggest new exciting topics for the next article.
Thanks for reading this article!