Activity 10.2: Analyze a Phishing Email*
You probably already have great source material for this lab exercise: simply open your email spam folder and find a likely phishing attack email.
Part 1: Manually analyze an email header
Once you have identified a suspected phishing email, you will need to open the headers for the email. If you’re not familiar with the process, most email providers have help available on how to access the headers. It can help to print the headers out for analysis or to import them into your favorite text editor to allow for markup as you track what you have found.
Review the headers and identify what clues you can find.
a) where it was sent from
b) who sent it, and
c) what path it traveled before you received it.
d) What red flags stand out?
e) What would you do to identify future phishing emails based on the header information?
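The header review in Part 1, as an added Python example that is not part of the original activity: it parses a constructed header block (every hostname and address is a reserved example value), lists the Received hops origin-first, and reports mismatched sender domains and non-passing authentication results. The function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message); hosts and IPs are reserved example values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTP id ghi789; Tue, 02 Jan 2024 10:00:01 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank Support" <support@bank.example.com>
Reply-To: <helpdesk@webmail.example.org>
Subject: Urgent: verify your account
"""
MSG = message_from_string(SAMPLE)

def domain(value):
    """Return the lowercase domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def hops(msg):
    """Return (sending host, sending IP, receiving host) per hop, origin first."""
    # Each server prepends its Received line, so the oldest hop is last in the file.
    # Only lines added by servers you trust are reliable; earlier ones can be forged.
    path = []
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())  # unfold continuation lines
        m = re.search(r"from (\S+).*?\[([0-9a-fA-F.:]+)\].*?by (\S+)", text)
        path.append(m.groups() if m else (None, None, None))
    return path

def red_flags(msg):
    """List sender-domain mismatches and SPF/DKIM/DMARC results other than pass."""
    flags, from_dom = [], domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            flags.append(f"{name} domain {d} differs from From domain {from_dom}")
    auth = msg.get("Authentication-Results", "")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            flags.append(f"{mech}={result}")
    return flags

if __name__ == "__main__":
    print(*hops(MSG), sep="\n")
    print(*red_flags(MSG), sep="\n")
```

To use it on your own sample, paste the raw headers from your suspected phishing email in place of `SAMPLE` and compare the output with your manual notes.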
Part 2: Analyze the email content
Now that you have reviewed the header, you can move on to the body of the email. In this phase, review the content of the message, paying particular attention to common artifacts found in phishing emails. You should look for embedded links and record any deceptive links or embeds. You can also identify typos, poor grammar, and other typical elements of a phishing email.
- Once you have identified these components, check the links against a tool like those found at zeltser.com/lookup-malicious-websites/.
- Is the link or domain a known-bad link?
Part 3: Use an automated tool
Use one or more automated email header analyzers to review the header from part 1.
Note whether you identify additional useful data and what that data is.
Write a one-paragraph conclusion on what you learned.