Upon close investigation, you can see the differences between a real email and a phishing email. Email Protector helps you do that faster.

Georgi Spasov
23 Apr 2019
phishing cybercrime email

If you own a company or work for one, you know how business is organized – everything happens via email. Meetings and discussions are just a small and harmless fraction of all the emails that you receive. Well, what about invoices then? Are you aware that cyber criminals are sending fake invoices to companies and individuals? The amount of money they generate via this amazingly simple method is astonishing. If you want to learn more about this kind of cyber attack, I’d advise you to first read the articles about spear phishing and whaling. They’ll give you a really nice introduction to this article.

As you already know what a phishing attack and a phishing campaign are, you have to accept that there is nothing that can stop hackers from sending you an email.

Now the question is,

how can you distinguish a harmful email from a regular one?

Since this article will be fairly technical, we’re not going to discuss the blatant and obvious give-aways of a phishing email, nor will we cover the previously discussed phishing campaigns. If your cyber security solutions – be they antivirus products, malware blockers etc. – fail to protect you, the only thing that stands in the way between the cyber criminal and you is a keyboard. People nowadays have no accessible tool that can guarantee that the person sending an email is who they claim to be. A hacker could forge the email so that it seems to be sent by a legitimate institution or person, when it actually is not. This tactic is often used when a hacker group has taken hold of an email account. Usually the compromised accounts are company accounts – as people pay little to no attention to following security best practices, accounts often get compromised and fall into the hands of hackers. When those malicious actors have established control, they observe the correspondence between all parties. The emails hackers pay close attention to include keywords such as ‘payment’, ‘invoice’, ‘price’, ‘transaction’, ‘bank’. After figuring out that a payment is soon to be made, hackers begin using the ‘bridge’ strategy. As soon as the fundamental points of the strategy are in place, hackers begin either a social engineering or a spear phishing campaign against the other correspondent, or they wait for an invoice to be received. Forging an invoice is really easy. That is why one should

Never wire a big sum of money before conducting a phone call

When a payment has been made, and if the recipient is fraudulent, one has a limited set of actions to take in order to recover from this situation. But let’s not talk about the worst-case scenario. It is mandatory that everyone knows what to do, but more importantly, one should know how to proactively stop a threat before it’s too late. “How do emails work” is an article that will give you enough understanding and information so that you won’t get confused by the acronyms and technical terms in the next lines.

Email servers with no spam filters - trouble for all of us

Email servers that lack even basic antivirus protection or spam filters often fall victim to spammers and phishing campaigns. Usually, a mail server should block and filter messages that have no DKIM validation or SPF entries. In most cases, misconfigured email servers do a standard SPF check, but when the SPF check fails, the email server does not block the message. So, a malicious perpetrator gains access to the ‘Inbox’ of the unsuspecting user. Every year there are spam campaigns against the biggest free email service providers in Bulgaria – mail.bg and abv.bg. The lack of validation puts the users at tremendous risk. Fortunately, users of Yahoo, Gmail and Microsoft Outlook are protected from emails that have no DKIM/SPF validation. So, the attacker has gotten into the ‘Inbox’ folder of some email account. His email has an attachment that will install a backdoor on an unpatched system. It’s our task to stop him from doing it. Firstly, in order to verify that the email is coming from a legitimate source, and not some dubious anonymous online email service, we should check the email headers. Email headers can’t lie to you. If the SPF or DKIM validation fails or softfails, you can be sure that the sender is not a recognized source of email traffic. The sending server might also give some information. We could check what we know about it online in just a few clicks.
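As an added illustration (this is not code from the article or from the Email Protector extension), here is a small Python script that performs the header check described above: it reads the Authentication-Results header that the receiving server writes, extracts the SPF and DKIM verdicts, treats anything other than a clean pass (fail, softfail, none, …) as a red flag, and additionally compares the Return-Path domain with the From domain, which is where a forged sender usually shows a mismatch. The two messages it runs on are constructed samples, not real mail, and every domain and address in them is an assumption.

```python
"""Check the authentication verdicts a receiving mail server recorded for a message.

Added example, not code from the article or the Email Protector extension.
It reads the Authentication-Results header (RFC 8601) written by the receiving
server, extracts the SPF and DKIM verdicts, and compares the Return-Path domain
with the From domain. All domains and addresses below are constructed samples.
"""
import re
from email import policy
from email.parser import BytesParser

# Constructed sample: legitimate invoice mail, both checks passed.
LEGIT_MSG = b"""From: Accounting <billing@supplier.example>
To: finance@company.example
Return-Path: <bounces@supplier.example>
Subject: Invoice 1042
Authentication-Results: mx.company.example;
 spf=pass smtp.mailfrom=supplier.example;
 dkim=pass header.d=supplier.example

Please find invoice 1042 attached.
"""

# Constructed sample: same visible From, but relayed through an unrelated
# mail service, so SPF softfails and there is no DKIM signature at all.
SPOOFED_MSG = b"""From: Accounting <billing@supplier.example>
To: finance@company.example
Return-Path: <x7f2@free-mail.example>
Subject: Invoice 1042 - updated bank details
Authentication-Results: mx.company.example;
 spf=softfail smtp.mailfrom=free-mail.example;
 dkim=none

Our bank account has changed, please use the details in the attachment.
"""

# method=result pairs as they appear inside Authentication-Results
AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|neutral|none|temperror|permerror)\b",
    re.IGNORECASE,
)


def auth_results(msg):
    """Map each authentication method to the verdict the server recorded."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(str(hdr)):
            results[method.lower()] = verdict.lower()
    # Older servers record only a Received-SPF header; its first token is the verdict.
    if "spf" not in results and msg.get("Received-SPF"):
        results["spf"] = str(msg["Received-SPF"]).split()[0].lower()
    return results


def header_domain(msg, name):
    """Domain part of the first address found in the named header ('' if absent)."""
    match = re.search(r"@([A-Za-z0-9.-]+)", str(msg.get(name, "")))
    return match.group(1).lower() if match else ""


def assess(raw_message):
    """Return the verdicts plus the reasons (if any) the message looks forged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    results = auth_results(msg)
    spf = results.get("spf", "none")
    dkim = results.get("dkim", "none")
    reasons = []
    # The article's rule: anything other than a clean pass is not a recognized source.
    if spf != "pass":
        reasons.append(f"SPF {spf}")
    if dkim != "pass":
        reasons.append(f"DKIM {dkim}")
    from_domain = header_domain(msg, "From")
    bounce_domain = header_domain(msg, "Return-Path")
    aligned = bounce_domain == from_domain or bounce_domain.endswith("." + from_domain)
    if from_domain and bounce_domain and not aligned:
        reasons.append(f"Return-Path domain {bounce_domain} differs from From domain {from_domain}")
    return {"from": from_domain, "spf": spf, "dkim": dkim,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for label, raw in (("legitimate", LEGIT_MSG), ("spoofed", SPOOFED_MSG)):
        verdict = assess(raw)
        print(label, "->", "SUSPICIOUS" if verdict["suspicious"] else "ok", verdict["reasons"])
```

One caveat a practitioner would want: only the Authentication-Results header written by your own receiving server (the `mx.company.example` authserv-id in the samples) is trustworthy, because the header is plain text and a sender can insert one of their own. A correctly configured receiving server removes any Authentication-Results header that arrived with the message before adding its own; if yours does not, the check above can be fooled, which is one more reason the softfail-but-delivered behaviour described in the paragraph is dangerous.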

Only when you examine an email message closely can you fully understand what was going on when the email was sent. But verifying this information by hand every single time there is a new message in the inbox is a tedious job. If only there was a way to automate this check, regardless of the platform… Well, there is! And our tool is free. You can read more about it here and download the Chrome extension for free from the Chrome Web Store. Only then can you be sure that even if your email provider is not secure, you will minimize the risk by using the best free tools on the market.


Georgi Spasov

Georgi was the Bulgarian POC for high-tech crimes during his work as a cybercrime forensic investigator. Now, as a fullstack developer, he contributes with his knowledge in building highly available software solutions.
