Wednesday, July 30, 2014

Email Header Analyzer for Security, Using a 0Day Attack as an Example

I was looking at some of the spam mail that had been coming into a client's server but was still getting through the standard spam-filtering engine they have in place. This is a 0Day phishing attack: http://en.wikipedia.org/wiki/Phishing

So I thought I would blog about this tool as a security tool/solution.

First, it is important to understand what an e-mail header is: https://support.google.com/mail/answer/29436?hl=en

E-mail headers are normally consumed by servers and e-mail clients, not by people.
From a security aspect, we like to use http://mxtoolbox.com/Public/Tools/EmailHeaders.aspx as it provides a quick way to check the relaying mail servers against known blacklists.

Below is a screenshot of an example e-mail:
The great thing is that as soon as the report is done, even if you have no idea about security, you see the icons in RED as quick indicators for BAD, since this e-mail has passed through blacklisted servers.

But if you look some more, you can find a wealth of information.
For example, the sender is from a .nz domain? Really? The e-mail claims to be from Alberta, Canada, and the sender is from New Zealand.

Below is also the attachment, left in Base64; this is to ensure no one can click it and infect themselves.
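As an added example (my own script, not part of the original post and not the mxtoolbox tool), here is a short Python program that does the three checks the post walks through by hand: it pulls the relay IPs out of the Received: headers and builds the DNSBL query name an analyst would look up, compares the sender's domain TLD against the region the message claims to come from, and decodes the base64 attachment to raw bytes for inspection without ever rendering it. The message, hostnames, IPs and attachment body are constructed stand-ins for the real phish; zen.spamhaus.org is a real public blocklist zone, but the script only builds the query name and makes no network lookup.

```python
import base64
import email
import ipaddress
import re
from email import policy

# Constructed sample modelled on the phish in the post. Hostnames, IPs and the
# attachment body are made up; none of this is copied from the real message.
ATTACHMENT_HTML = (
    b"<html><body><form action='http://example.invalid/login'>"
    b"Sign in</form></body></html>"
)
RAW_MESSAGE = (
    b"Return-Path: <bounce@example.nz>\n"
    + b"Received: from mail.example.nz (mail.example.nz [203.0.113.25])\n"
    + b"\tby mx.canadacyberclient.com with ESMTP id abc123\n"
    + b"\tfor <client@canadacyberclient.com>; Wed, 30 Jul 2014 09:12:45 -0600\n"
    + b"Received: from [198.51.100.7] (unknown [198.51.100.7])\n"
    + b"\tby mail.example.nz with ESMTPA id xyz789; Wed, 30 Jul 2014 09:11:58 -0600\n"
    + b'From: "ATB Online Financial Services" <statements@example.nz>\n'
    + b"To: client@canadacyberclient.com\n"
    + b"Subject: Your monthly statement is ready\n"
    + b"MIME-Version: 1.0\n"
    + b'Content-Type: multipart/mixed; boundary="Multipart_Boundary_0731140401"\n'
    + b"\n"
    + b"--Multipart_Boundary_0731140401\n"
    + b'Content-Type: text/plain; charset="us-ascii"\n'
    + b"\n"
    + b"DEAR ALBERTA TREASURY BRANCH CUSTOMER, kindly download the attached file.\n"
    + b"\n"
    + b"--Multipart_Boundary_0731140401\n"
    + b'Content-Type: text/html; name="ATB_ESTMNT_07302014.html"\n'
    + b"Content-Transfer-Encoding: base64\n"
    + b'Content-Disposition: attachment; filename="ATB_ESTMNT_07302014.html"\n'
    + b"\n"
    + base64.b64encode(ATTACHMENT_HTML) + b"\n"
    + b"--Multipart_Boundary_0731140401--\n"
)

IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def received_hops(msg):
    """Return the connecting IP of each Received: hop, oldest hop first.

    Received: headers are prepended by each relay, so the top one is the
    newest; the first IPv4 literal in a header is the host that connected.
    """
    hops = []
    for header in msg.get_all("Received", []):
        for candidate in IPV4_RE.findall(header):
            try:
                ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. a timestamp fragment that looked like an IP
            hops.append(candidate)
            break
    return list(reversed(hops))


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Build the reversed-octet name a DNSBL lookup would resolve (no lookup is made)."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def address_domain(header_value):
    """Pull the bare domain out of a header like '"Name" <user@host>'."""
    if not header_value:
        return None
    match = re.search(r"@([\w.-]+)", header_value)
    return match.group(1).lower() if match else None


def attachments(msg):
    """Decode every attachment to bytes; nothing is written to disk or rendered."""
    found = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True)  # undoes the base64 transfer encoding
            found.append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "size": len(payload),
                "payload": payload,
            })
    return found


def analyze(raw, claimed_tld):
    """Run the header and attachment checks; claimed_tld is the country TLD the
    message's own wording implies (the analyst supplies it, e.g. 'ca')."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_hops(msg)
    from_domain = address_domain(msg["From"])
    findings = []
    if from_domain and from_domain.rsplit(".", 1)[-1] != claimed_tld:
        findings.append(f"sender domain {from_domain} is outside the claimed .{claimed_tld} region")
    for att in attachments(msg):
        if att["content_type"] == "text/html":
            findings.append(f"HTML attachment {att['filename']} ({att['size']} bytes)")
            if b"<form" in att["payload"].lower():
                findings.append(f"attachment {att['filename']} contains a login form")
    return {
        "hops": hops,
        "dnsbl_queries": [dnsbl_query_name(ip) for ip in hops],
        "from_domain": from_domain,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_MESSAGE, "ca").items():
        print(f"{key}: {value}")
```

Feeding a real message in means reading the raw .eml bytes into `analyze()`; the DNSBL names it prints are what you would resolve (an A record in the zone means the relay is listed), and the decoded attachment bytes can be hashed or handed to a sandbox rather than opened.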



The body of the e-mail:
DEAR, client@canadacyberclient.com
 
DEAR ALBERTA TREASURY BRANCH CUSTOMER,
 
Your most recent monthly statement is ready and is available for download (see attachement). The statement includes all ATB Online transactions and your starting and ending balances.
 
We email you to let you know your account statement is ready. You can view or print a copy of your statement from the same page. kindly download the attached file to view your most recent statement.
 
ATB Online Financial Services
Customer Relations Services
 
--------------------------------------------------
 
As this e-mail is an automated message, do not reply to this email.
 
--------------------------------------------------
 
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.2018 / Virus Database: 2909/6842 - Release Date...


--Forwarded Message Attachment--
--= Multipart Boundary 0731140401
Content-Type: text/html;
 name="ATB_ESTMNT_07302014.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="ATB_ESTMNT_07302014.html"
[base64-encoded attachment body not reproduced here]
--= Multipart Boundary 0731140401--
