Email Security: Learn how to hunt phishing/spam emails?

Threat Hunting Through Email Headers

DKIM: Everything You Need to Know About Digital Signatures

Understanding SPF, DKIM and DMARC

Put simply, SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised and that they’re not sending email on behalf of someone else.

These antispam measures are becoming increasingly important, and will one day be required by all mail services and servers. ISPs and mail services, such as Gmail and Office 365, are getting more and more stringent in the types of email they’ll accept, so having all three checks configured ensures that email gets delivered and isn’t rejected outright or otherwise delayed.

https://www.smartertools.com/blog/2019/04/09-understanding-spf-dkim-dmarc

Phishing – Email Header Analysis

Abstract

Email Headers hold a lot of information. Much of this information is never displayed to the user. The email reader only sees a select few pieces of information like the subject, date, and the sender’s email and info. The surprising part is that the information that is actually displayed to a user can be easily forged!

Read more in..https://mlhale.github.io/nebraska-gencyber-modules/phishing/email-headeranalysis/

Email & Email Headers Checking Tools:

To Analyze Email Headers, User Google Apps https://toolbox.googleapps.com/apps/messageheader/

This Email Checker Tests The Validity & Reachability Of An Email Address https://network-tools.com/email-tests/

5 tips to avoid spear-phishing attacks

Abstract

Phishing, very briefly defined, is where a cybercriminal tricks you into revealing something electronically that you ought to have kept to yourself. The good news is that most of us have learned to spot obvious phishing attacks these days.

The bad news is that you can’t reliably spot phishing attacks just by watching out for obvious mistakes, or by relying on the crooks saying “Dear Customer” rather than using your name.

Read more in

CyberSecurity: WhatsApp phishing – List of scams

I wrote a post how fake WhatsApp messages are being circulated in festival seasons. And, social media is a good platform to target individuals. All you need is to just provide an interesting offer/heading in the message. Most of the people don’t think twice before clicking on it. And, Hacker just needs one click. How one single click can make your life miserable. Read my post here

https://followcybersecurity.com/2018/11/12/one-click-thats-all-someone-needs/

Hers the list of all phishing Whatsapp scams going on. 

  • A viral WhatsApp message asked users to click on a link to take part in the giveaway of 3,000 free Adidas shoes on the occasion of Adidas’ 93rd anniversary
  • Like the Adidas scam, fashion brand Zara’s free voucher is another WhatsApp scam. The WhatsApp text asks users for their personal details and contacts
  • Fee pizzas on click
  • Get Rs 1000  recharge on clicking on the link.
  • Get your battery full in a min by clicking on the link.
  • Martinelli video which hacks your phone.
  • Amazon shopping deals & offers. Similarly for other offers from many other eCommerce vendors.
  • fake WhatsApp versions for better features etc.

NOTE

The list never ends. Be aware of these phishing attacks. Also, stop forwarding any links to others. This is a good way to stop these messages.

Stay safe!