REDLEGG BLOG
pr-lp-p-1

Phishing Email Tip: Check Your Headers

Mar 6, 2018 1:00:25 PM  |  by Meaghann Lees

Phishing is a cyber attack employed to gather personal information about an individual or company. This week we want to talk about how to avoid these phishing emails that can leave your company vulnerable to attacks. Hint: Check your headers!

Check out this article from CSO Online to read more about phishing attacks and how to prevent them.

Phishing Emails: Scrutinize Your Email Headers

Email headers give the extra information necessary to determine if the sender is who they claim to be or if they are a fraud. This knowledge can be the fastest way to know if you should click the link they sent you, or send it to your Recycle Bin.

Information should stay consistent – if it looks like Jane.Doe@gmail.com sent the message, that should be reflected in the headers. If the header tells a different story, it could be time to give Jane a call and make sure it was really her who sent that spreadsheet. These items can be checked in various locations, depending on the email provider:

Outlook 2016 – Open the email in its own window, and select Message Options from the drop-down near the Follow-Up flags. This opens the Properties, containing the header information at the bottom.

Outlook 365 – Next to the Reply button, in the drop-down menu, “View message details” will populate the header information.


Gmail – In the drop-down selection next to the Reply option, choose “Show original,” which will populate the message including full headers in a new window.

Email Analysis Tools

There are tools online that can be used to further analyze the data, such as the one from MXToolbox: https://mxtoolbox.com/EmailHeaders.aspx. But in general, double-checking the Sender’s address to make sure that it’s correct can be sufficient to give you the heads-up necessary to make a smart decision, in less than a minute of effort.

Pen testing services like RedLegg's often offer a social engineering test option for companies in order to determine and increase employees' security awareness. Reach out to have a test scheduled for your organization.

Reach Out to an Expert

Want more? Read about...

New call-to-action

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

What Is Threat Modeling? pen testing, mss, threat intel

What Is Threat Modeling?

Year after year, cybersecurity risks continue to be a growing concern for companies of all sizes. From system data ...
3 Tools to Test Denial of Service Vulnerability pen testing, vulnerability, mss

3 Tools to Test Denial of Service Vulnerability

Denial of Service (DoS) attacks have been orchestrated by a multitude of threat actors, from nation-states to vigilante ...