PATCHING HUMAN STUPIDITY 101 – “Analysing Phishing Email”

June 9, 2018 | Views: 3166

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Synopsis

The human is the weakest link in the cybersecurity chain.” If you don’t know about this “gossip” yet, well, it’s a fact.
When we hear about “phishing,” our normal response is to be careful about clicking links from email content that direct us to malicious websites on the Internet, yet we tend to forget about the risks in just an hour or days. Often times, we think that our antivirus program would be able to protect us, but it’s a myth, no matter how “next generation” the antivirus program makers say their products are. That’s what they are good at: marketing!

As an IT security practitioner, I have my duty to the community not only to provide cybersecurity awareness but also to empower every human who has devices connected to a public network.

Disclaimer

I highly recommend not performing this procedure to upload sensitive/confidential files in public, especially company-related files. Contact your awesome IT security team and strictly follow your organization’s policy.

Methodology

In this first article related to phishing, I will be sharing very basic, technical steps that even an elementary school student with a basic computer background could understand and follow.

1. Analyzing the Email Sender
Usually, we are only focused on the sender’s name but not the sender’s email address, with which “spoofing” happens most of the time. If you know the correct spelling of your company’s name, then it should be easy to spot the sender’s domain address to see if the address is legit or fishy.

If you want to confirm the domain is not bogus, you may simply copy and paste it on a public site that checks phishing domains and malware, like the site https://www.virustotal.com.

An example is artrebultan@parasabayan.org, from which you can copy everything after the “@” sign and paste it in the search bar under the “Search” tab on the Virus Total site to see the verdict.

2. Analyzing the URL Link
Here, there are two ways to get the link that you can copy and paste in the search bar under the “Search” tab on the Virus Total site.

1st Way: Hover your mouse pointer over the link, which is typically underlined and in blue by default. Right-click then select “Copy Hyperlink” and paste it into the search bar.

2nd Way: If the URL link (e.g., http://parasabayan.org) is already visible, simply follow the same step as the first.

3. Analyzing Email Attachments
Whenever your fingers are too itchy to double-click the attachment in the email, “smile.” Yes, smile so you can remember this patching that I created merely for you.

What you can do here is select “Save As” for the file in your favorite folder. Rename it if you wish. Go to the Virus Total site and upload it (Choose file) under the “File” tab and wait for the analysis.

What Virus Total will do is generate a file signature called “Hash” and check against their database of IOC’s (indicator of compromise) from 55+ different antivirus vendors. So if the file is confidential or personal, then most likely, Virus Total will have no results on this, as it is not yet known to be malicious.

Other Resources:
Aside from Virus Total, there are plenty of free online antivirus and domain scanners to combat phishing. Below are a few to mention:

What is Next?

Watch out for the next series on this topic: PATCHING HUMAN STUPIDITY 102 – “PHISHING DEFENSE WITH OSINT.

About the Author
Michael Rebultan, aka “Art,” has more than 15 years of experience as an IT professional with a background in PCI-DSS audit, Unix/Linux server administration and lockdown, R&D, VAPT, and currently DFIR in both IT and the ICS/SCADA environment. He holds a master’s degree in IT with a major in ecommerce security, and a professional graduate diploma in Digital Forensics and Cyber Security as continuing education. He has been a local speaker of FOSS Asia (Singapore), Null Singapore, PEHCON (Philippines), and Linux Meetup Group (Singapore).

Specialties: Computer Forensics, Network Intrusion, Data Breach, Cybercrime Investigation, Volatile Memory, and Malware Analysis.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel