Prevent From Spoofed Emails

Prince Prafull
Jul 11, 2021

Hello Readers,

You might have seen spoofs of films many times, but have you heard about email spoofing? A spoof film may look like the actual movie or something inspired by it, but email spoofing is different.

EMAIL SPOOFING:

Email spoofing is a technique in which a hacker / attacker sends a malicious payload or link to the victim's email address, and the victim assumes that it is coming from a trusted source or person. The glibness of the mail makes it difficult to distinguish it from an actual trusted mail.

How Hackers Trap Victims:

Hackers send the mail to the victim's email ID under the name of an organisation, e.g. support@organi.com. Here "organi" means the name of the organisation.

Hackers can send a malicious link, or a payload / virus embedded in a PDF or any other form of attachment.

How can we determine whether a mail is valid or trusted:

Let's take an example:

Suppose you get a mail from Google regarding updates to your Gmail security. It appears like:

Now, to verify whether it is a spoofed mail or not, follow these steps:

1. At the top right of the image there are three dots. Click on them.

2. Now click on the “Show Original” tab.

A new page will open with all the details about the email.

Now we have to check for two things on the page:

1. Message ID: It should be from the same domain that the mail is coming from.

For example, in this case the mail comes from google.com and the Message ID is also “google.com”.

2. Received From Header:

After going to the “email header page”, press Ctrl+F and search for “Received From”. This is a header containing the originating IP of the email.

Automate Analysis of Email headers:

1. Click on “Copy to Clipboard”

2. Go to https://mxtoolbox.com/EmailHeaders.aspx

4. Paste the copied data.

It provides a detailed report on the email sent to you.
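The two manual checks described above (Message ID domain against the sender's domain, and the originating IP in the Received headers) can also be run locally on the copied header text. This is an added example, not code from the original post; the sample header is constructed with documentation domains and IPs, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header (documentation IPs/domains), not a real message.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [203.0.113.45])\n"
    "        by mx.google.com with ESMTP id abc123; Sun, 11 Jul 2021 10:00:03 -0700\n"
    "Received: from localhost (unknown [198.51.100.7])\n"
    "        by mail.example.net with ESMTP id 42; Sun, 11 Jul 2021 10:00:01 -0700\n"
    "Message-ID: <20210711170001.42@mail.example.net>\n"
    'From: "Google Security" <no-reply@accounts.google.com>\n'
    "Subject: Security alert\n"
    "\n"
)

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def domain_of(address):
    """Return the lower-cased part after the last '@', or '' if there is none."""
    return address.strip("<> \t\r\n").rpartition("@")[2].lower() if "@" in address else ""


def same_org(a, b):
    """Heuristic (assumption): equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def origin_ip(msg):
    """Each relay prepends its Received header, so the last one is the oldest hop."""
    for hop in reversed(msg.get_all("Received") or []):
        match = IP_IN_BRACKETS.search(hop)
        if match:
            return match.group(1)
    return None


def analyze(raw):
    """Summarise the two checks for one raw header block."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    id_dom = domain_of(msg.get("Message-ID", ""))
    return {
        "from_domain": from_dom,
        "message_id_domain": id_dom,
        "message_id_matches": same_org(from_dom, id_dom),
        "origin_ip": origin_ip(msg),
    }
```

A mismatch is a signal rather than proof: mail sent through third-party services can carry a different Message ID domain, and Received lines below the first server you trust are written by the sender's side.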

Things Needed for Investigation Purposes:

  1. Screenshot of the email header
  2. Any file / document attached to the email (on a pen drive or CD)

POLICE:

“I will catch that criminal, you just need to give me some details”

“Report on https://cybercrime.gov.in”
