Understanding Email Headers: How to Detect and Prevent Email Spoofing

Email spoofing is a deceptive tactic where attackers forge email headers to make messages appear as if they originate from trusted sources. This technique is commonly used in phishing attacks to deceive recipients into revealing sensitive information or downloading malicious software. Understanding how to analyze email headers can help you identify and protect against such fraudulent activities.
What Are Email Headers?
Email headers are essential components of an email message that contain vital information about its origin, route, and authenticity. They include fields such as ‘From’, ‘To’, ‘Subject’, ‘Date’, and several others that provide a trail of the email’s journey from sender to recipient. While some of these fields are visible in your email client, many are hidden and can be viewed by accessing the email’s source or original message.
How to Access Email Headers:
- Outlook: Open the email, click on “File,” then “Properties,” and view the “Internet headers” box.
- Gmail: Open the email, click on the three vertical dots next to the reply arrow, and select “Show original.”
- Yahoo Mail: Open the email, click on the three horizontal dots, and select “View raw message.”
Example Email Headers:
Delivered-To: user@example.com
Received: by 2002:a17:902:5307:0:0:0:0 with SMTP id v7csp1452976ejw;
        Wed, 03 Apr 2024 12:34:56 -0700 (PDT)
X-Received: by 2002:a1c:4b09:: with SMTP id g9mr1234567wma.67.1712172896123;
        Wed, 03 Apr 2024 12:34:56 -0700 (PDT)
Return-Path: <sender@domain.com>
Received: from mail.domain.com (mail.domain.com. [123.45.67.89])
        by mx.google.com with ESMTPS id b7si1234567qke.287.2024.04.03.12.34.56
        for <user@example.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 03 Apr 2024 12:34:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of sender@domain.com designates 123.45.67.89 as permitted sender) client-ip=123.45.67.89;
Authentication-Results: mx.google.com;
        dkim=pass header.i=@domain.com header.s=selector1 header.b=abcd1234;
        spf=pass (google.com: domain of sender@domain.com designates 123.45.67.89 as permitted sender) smtp.mailfrom=sender@domain.com;
        dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=domain.com; s=selector1; t=1712172896;
        bh=VYgWqzXb1q83L9efk9EtqvL7W0U=;
        h=Date:From:To:Subject:Message-ID;
        b=abcd1234efgh5678ijkl9012mnop3456qrstuvwx…
Date: Wed, 3 Apr 2024 12:34:56 -0700
From: Sender Name <sender@domain.com>
To: Recipient Name <user@example.com>
Message-ID: <CAJ1234567890abcdefg@mail.domain.com>
Subject: Important Update on Your Subscription
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Key Email Header Fields to Examine:
- From: Indicates the sender’s email address. However, this field can be easily forged and should not be solely relied upon to verify the sender’s identity.
- Reply-To: Specifies the email address to which replies should be sent. Discrepancies between the ‘From’ and ‘Reply-To’ addresses can be a red flag for spoofing.
- Received: Shows the servers that handled the email during its transmission. By examining the sequence of ‘Received’ fields, you can trace the path the email took and identify anomalies.
- Return-Path: Indicates where non-delivery receipts (bounces) are sent. A mismatch between the ‘Return-Path’ and ‘From’ addresses may suggest spoofing.
- Received-SPF: Displays the result of the Sender Policy Framework (SPF) check, which verifies if the email comes from an authorized server. A ‘Fail’ or ‘Softfail’ status can indicate potential spoofing.
Detecting Spoofed Emails:
- Examine the ‘Received’ Fields: Trace the email’s path by reviewing the ‘Received’ fields. Inconsistencies or unfamiliar server names can be indicators of spoofing.
- Check SPF, DKIM, and DMARC Results: These authentication mechanisms help verify the legitimacy of the email. Failures or absence of these checks can be warning signs.
- Analyze the ‘Return-Path’ and ‘Reply-To’ Fields: Ensure these fields match the ‘From’ address and are consistent with the sender’s domain.
- Use Email Header Analysis Tools: Online tools like MxToolbox’s Email Header Analyzer can simplify the process by parsing headers and highlighting issues.
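The checks listed above, as an added Python example (not code from the original post): it reads the SPF, DKIM and DMARC verdicts only from the Authentication-Results header stamped by your own receiving server, then compares the Return-Path and Reply-To domains with the From domain. The sample message and the host names mx.example.com and relay.example.net are constructed; a Return-Path mismatch on its own is common for legitimate bulk mail, so treat it as a signal to weigh alongside the authentication results.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): From claims domain.com, but the
# bounce and reply addresses belong to other domains and authentication fails.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com;
 dkim=none;
 spf=softfail smtp.mailfrom=bounce@mailer.example.net;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=domain.com
Authentication-Results: relay.example.net; spf=pass; dkim=pass; dmarc=pass
From: Sender Name <sender@domain.com>
Reply-To: billing@lookalike.example.org
Subject: Important Update on Your Subscription
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts, read only from headers our own receiver stamped."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # headers added upstream of our server can claim anything
        for part in rest.lower().split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", part)
            if m:
                verdicts.setdefault(m.group(1), m.group(2))
    return {k: verdicts.get(k, "missing") for k in ("spf", "dkim", "dmarc")}

def spoofing_findings(raw, trusted_authserv):
    """Return the header red flags described in the checklist above."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = [f"{k}={v}" for k, v in auth_results(msg, trusted_authserv).items()
                if v != "pass"]
    for field in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[field])
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(f"{field} domain {dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoofing_findings(SAMPLE, "mx.example.com")))
```

Pass the authserv-id your own mail provider writes (mx.google.com in the headers shown earlier) as `trusted_authserv`; the second Authentication-Results line in the sample shows why any other copy is ignored.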
By understanding and analyzing email headers, you can better detect and prevent email spoofing attempts, thereby safeguarding your personal and organizational security. Need extra security? Try ExchangeDefender PRO for free!

Watch Out! The USPS Text Scam is Back (and Sneakier Than Ever)

We all rely on the USPS to deliver our mail and packages, but scammers are exploiting that trust with a devious new trick: the USPS text scam, also known as “smishing.” This isn’t just another annoying robocall; it’s a carefully crafted attempt to steal your personal information and leave you vulnerable to identity theft.

How the Scam Works:
Imagine this: You receive a text message that appears to be from the United States Postal Service. It might say something like:
- “Your package delivery has been delayed due to an unpaid shipping fee. Click here to resolve.”
- “We were unable to deliver your package. Please call this number to reschedule.”
- “Your package is being held at our facility. Verify your address to avoid return to sender.”
These messages often use urgent language to create a sense of panic. They want you to act quickly without thinking. The key element is a link or a phone number. Clicking the link takes you to a fake website that looks convincingly like the real USPS site, where you’re asked to enter sensitive information. Calling the number connects you to a scammer posing as a USPS representative.

The Danger Lurking Behind the Link:
The goal of these scams is simple: to trick you into handing over your personal and financial data. This could include:
- Account usernames and passwords
- Social Security numbers
- Dates of birth
- Credit and debit card numbers
With this information, scammers can wreak havoc on your finances and your identity.
How to Protect Yourself:
The good news is, you can easily protect yourself by remembering these crucial points:
- USPS Doesn’t Initiate Contact via Text or Email (Unless You Specifically Request It): The USPS will not send you unsolicited text messages or emails. The only exception is if you’ve signed up for tracking updates using a specific tracking number.
- USPS Messages Never Contain Links: Legitimate USPS communications will never include clickable links. This is a huge red flag.
- Be Wary of Urgent Language: Scammers use urgency to pressure you. Take a moment to think before you act.
What to Do If You Receive a Suspicious Text:
- DO NOT click on any links.
- DO NOT call any numbers provided in the text.
- Delete the message immediately.
- Report the scam: You can report the message to the USPS Inspection Service (www.uspis.gov) or the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.
Stay Vigilant, Stay Safe:
By staying informed and following these simple tips, you can protect yourself from the latest USPS text scam and avoid becoming a victim of identity theft. Don’t let scammers ruin your day – be smart and stay safe!

How to Spot and Stop Social Security Scams

Even the most vigilant among us can fall victim to a well-crafted phishing email. These deceptive messages often appear to be from legitimate sources, like the Social Security Administration (SSA), and can trick you into revealing personal information or clicking on malicious links.
But don’t worry, ExchangeDefender is here to help! Here’s what you need to do if you receive a suspicious email claiming to be from the SSA:
1. Stop. Don’t Respond.
Resist the urge to reply or click on any links within the email. Phishing emails often contain malware disguised as links or attachments. Clicking on them could infect your device with viruses or spyware.
2. Report It.
There are two ways to report a phishing Social Security email:
- The SSA OIG Fraud Hotline: Call 1-800-269-0271 to report the scam directly to the SSA’s Office of the Inspector General.
- The SSA OIG Online Reporting Form: Submit a detailed report online at https://oig.ssa.gov/report/.
3. Report It (Again!)
Most email providers offer tools to report spam and phishing emails. Forward the suspicious email to your provider’s designated reporting address. This helps them identify and block similar scams in the future.
4. Be Vigilant. Check Your Accounts.
Following a phishing attempt, it’s crucial to monitor your Social Security account and bank statements for any unusual activity. If you notice unauthorized transactions or changes to your accounts, contact the relevant institutions immediately.
5. Stay Educated, Stay Safe.
Knowledge is power! Educate yourself and others about the tactics used in phishing scams. There are numerous online resources that can help you distinguish legitimate emails from fraudulent ones.
Here at ExchangeDefender, we prioritize your online security. Our comprehensive email security solutions can help your business:
- Identify and block phishing attempts before they reach your inbox.
- Encrypt your email communication to ensure data remains confidential.
- Prevent malware attacks by automatically detecting and removing malicious attachments.
Don’t let email threats disrupt your business. Contact ExchangeDefender today to learn how we can keep your data safe and your operations running smoothly!