Tag Archives: Email Security

Email Security: What is credential phishing?

Credential phishing is a type of email-based attack that uses malicious web forms mimicking legitimate websites to steal the victim’s login credentials. The targeted credentials can be for any web-based service, including:

  • Microsoft Outlook Web Access (OWA) and other corporate web-based email services
  • Free webmail services (e.g., Gmail, Yahoo, Hotmail)
  • Cloud-based sync and sharing services (e.g., Dropbox, Box)
  • Online shopping (Apple ID, Amazon, etc.) and loyalty program logins

The credential phishing site frequently appears to be a perfect copy of the targeted website, and as a result a quick visual scan by the victim does not arouse suspicion. However, the domain in the URL will be under the attacker’s control, rather than owned by the targeted organization, and may indicate that the site is not legitimate.

Credential phishing is one of the most successful social engineering techniques for targeting larger organizations.

Email Security: Learn how to hunt phishing/spam emails?

Threat Hunting Through Email Headers

DKIM: Everything You Need to Know About Digital Signatures

Understanding SPF, DKIM and DMARC

Put simply, SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised and that they’re not sending email on behalf of someone else.

These antispam measures are becoming increasingly important, and will one day be required by all mail services and servers. ISPs and mail services, such as Gmail and Office 365, are getting more and more stringent in the types of email they’ll accept, so having all three checks configured ensures that email gets delivered and isn’t rejected outright or otherwise delayed.

https://www.smartertools.com/blog/2019/04/09-understanding-spf-dkim-dmarc

Phishing – Email Header Analysis

Abstract

Email Headers hold a lot of information. Much of this information is never displayed to the user. The email reader only sees a select few pieces of information like the subject, date, and the sender’s email and info. The surprising part is that the information that is actually displayed to a user can be easily forged!

Read more: https://mlhale.github.io/nebraska-gencyber-modules/phishing/email-headeranalysis/
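The header checks discussed above can be scripted. The following is an added example, not code from the linked articles: it compares the displayed From domain with the Return-Path and DKIM `d=` domains and collects the SPF/DKIM/DMARC verdicts from Authentication-Results. The sample message and all domains are constructed placeholders, and alignment is approximated by a simple subdomain test.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every domain and value is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net; dmarc=fail header.from=example.com
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "IT Helpdesk" <helpdesk@example.com>
Subject: Password expiry notice

Body text.
"""

def domain_of(header_value):
    """Lowercase domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Approximate relaxed alignment: same domain or a parent/subdomain pair.
    (Real DMARC compares organizational domains via the Public Suffix List.)"""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])          # what the user is shown
    rp_dom = domain_of(msg["Return-Path"])     # envelope sender, checked by SPF
    # DKIM-Signature is a ';'-separated tag=value list; d= is the signing domain.
    tags = dict(t.strip().split("=", 1)
                for t in (msg["DKIM-Signature"] or "").split(";") if "=" in t)
    dkim_dom = tags.get("d", "").strip().lower()
    # Verdicts from the receiving server; trust only the header your own MTA added.
    ar = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = {k.lower(): v.lower()
                for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar, re.I)}
    findings = []
    if rp_dom and not aligned(from_dom, rp_dom):
        findings.append(f"Return-Path domain {rp_dom} not aligned with From {from_dom}")
    if dkim_dom and not aligned(from_dom, dkim_dom):
        findings.append(f"DKIM d={dkim_dom} not aligned with From {from_dom}")
    findings += [f"{k}={v}" for k, v in verdicts.items() if v != "pass"]
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "dkim_domain": dkim_dom, "verdicts": verdicts, "findings": findings}

if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE)["findings"]))
```

In the sample, SPF and DKIM both pass for the sending infrastructure's own domain, yet neither domain matches the From address the user sees, which is why DMARC fails.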

Email & Email Headers Checking Tools:

To analyze email headers, use Google Apps: https://toolbox.googleapps.com/apps/messageheader/

This email checker tests the validity and reachability of an email address: https://network-tools.com/email-tests/

Email Security DKIM: Everything You Need to Know About Digital Signatures

A sender creates the DKIM signature by “signing” the email with a digital signature. This “signature” is located in the message’s header. The sending mail transfer agent (MTA) generates the signature by using an algorithm applied to the content of the signed fields. This algorithm creates a unique string of characters, or a “hash value.”

How Can I Test My DKIM?

You can also test DKIM by sending an email to a Gmail account. Open the email in the Gmail web app, click on the down arrow next to the “reply” button (top right of email), and select “show original.” In the original, if you see “signed-by: your domain name” then your DKIM signature is good.

How Can I Read the DKIM Header?

https://www.emailonacid.com/blog/article/email-development/what_is_dkim_everything_you_need_to_know_about_digital_signatures/

Worth Reading

https://www.smartertools.com/blog/2019/04/09-understanding-spf-dkim-dmarc