Hi, and welcome to Module 4 of Cybrary's Crafting the Perfect Email course. Now that we've gone over recon, crafting and sending our phishing emails, what can we do to help stop or mitigate them in your organization?
So one of the main reasons I love to perform phishing campaigns is actually to help the users. My goal isn't to trick the user, but instead to educate them. I want them to be able to detect my phishing emails and be able to tell me that they found one that I sent out.
Really, that'll help make our network more secure and also make me a better social engineer, because I'm going to have to try and use more advanced techniques or learn new things to get those emails by.
So in security, our goal, which we sometimes forget, is to improve the overall security posture of an organization, and we can use the users to help us.
One thing I like to do is actually involve users. When I plan a phishing campaign, I'll ask them what they may have seen or heard about. Maybe they recently fell for a phishing attempt in their personal life or somewhere else. Do they know or understand why that happened?
When you involve a user, it'll give them a sense of responsibility and empowerment, and it really gets them interested in helping to defend the network, which really helps you as well.
The first step in educating users is teaching them how to recognize phishing emails and attempts. If we can get users to recognize a phishing email and report it right away, we may be able to prevent other users from being phished.
Now we're going to use what we've already learned in writing a phishing email to help our users recognize one.
So do you remember what the five keys are to creating a phishing email?
The first one was the sender. Always verify the sender, and make sure that your users know that addresses can be spoofed.
Subject. Does this subject make sense? Is it something they normally see from this person? Does it use different wording? Is it typed a little bit differently? Those are all things to look for when recognizing a phishing email.
Again, for the email address, view the header information to verify where the email actually came from. This is something I'll show you how to do in the lab, and we can show users how to do this as well, or at least how to get that information so you can verify it.
Then we'll go into the email details. Does the email actually make sense? Can you tell if it has maybe too much information, that it's trying too hard to look legitimate?
Does anything look strange or out of place? These are all things to look for when you're reading an email that you think may be a phishing email.
And, lastly, emotional buy-in. That's the big one for social engineers. We want to get the user emotionally involved. This will limit their rational thinking. This is something you can use to help your users. Tell them this:
Remember to take a second and re-read the email. Don't react immediately. If you get an email from your bank saying that your account has been hacked and they need you to log in to verify some charges or you're going to lose all your money, remember to take a deep breath and call your bank. Go to the bank's website.
We want to verify any information that we can and make sure it's correct before taking any action.
And one thing to always remind our users is to never click any links or download any attachments that they weren't expecting.
So how do we view header information? I've got a screenshot here from Outlook. You can click the little button that's highlighted there, or you can actually go to File, Properties, and then Internet headers, and that'll give you the full header information.
In Gmail, it's pretty easy as well. We can use the three dots in the upper right, then Show original, and what we can do is copy that to the clipboard and paste it into Google's header decoder,
and that will help us go over any information that we need. And I will go ahead and hop into our lab here and actually show you that.
So, as you can see, I've got our phishing email from yesterday up. So again, in Gmail, to view the header information, you click the three little dots there and we're going to do Show original,
and this will show us the whole header, and the main thing we're looking for is the IP address of the server that sent the email out.
And so what we're going to do is just copy all this information to the clipboard. This is what you can have your users do, and send that to you, so you can decode it for them.
What we'll do then is go to toolbox.googleapps.com/apps/messageheader/analyzeheader. And you can see I've already done this one. You know what? Let's go to it. This is what it looks like when you get there. So go ahead and Ctrl+V or right-click and paste,
and then analyze the header above.
And you can see this is the Message-ID from google.com. This is when it was created. This is who it's from, the Cyber Security Team,
and this is the actual email address that it was from. So if you remember, we changed our display name to show the Cyber Security Team.
This is who it was to. Here's the subject. We saw that, but here you can see the actual server that it was sent from. And this is where you would hopefully know your own servers, if it looks like it's coming from inside, and you can look up the server as well.