REDLEGG BLOG

Phishing Email Tip: Check Your Headers

3/6/18 1:00 PM  |  by Meaghann Lees

Phishing is a cyber attack employed to gather personal information about an individual or company. This week we want to talk about how to avoid these phishing emails that can leave your company vulnerable to attacks. Hint: Check your headers!

Check out this article from CSO Online to read more about phishing attacks and how to prevent them.

Phishing Emails: Scrutinize Your Email Headers

Email headers give the extra information necessary to determine if the sender is who they claim to be or if they are a fraud. This knowledge can be the fastest way to know if you should click the link they sent you, or send it to your Recycle Bin.

Information should stay consistent – if it looks like Jane.Doe@gmail.com sent the message, that should be reflected in the headers. If the header tells a different story, it could be time to give Jane a call and make sure it was really her who sent that spreadsheet. These items can be checked in various locations, depending on the email provider:

Outlook 2016 – Open the email in its own window, and select Message Options from the drop-down near the Follow-Up flags. This opens the Properties, containing the header information at the bottom.

Outlook 365 – Next to the Reply button, in the drop-down menu, “View message details” will populate the header information.


Gmail – In the drop-down selection next to the Reply option, choose “Show original,” which will populate the message including full headers in a new window.

Email Analysis Tools

There are tools online that can be used to further analyze the data, such as the one from MXToolbox: https://mxtoolbox.com/EmailHeaders.aspx. But in general, double-checking the Sender’s address to make sure that it’s correct can be sufficient to give you the heads-up necessary to make a smart decision, in less than a minute of effort.
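The consistency check described above can also be scripted against the raw headers copied from "Show original" or "View message details". This is an added example, not RedLegg's or MXToolbox's code; the sample messages, domains and the `check_headers` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real messages); all domains are illustrative.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=gmail.com
From: "Jane Doe" <Jane.Doe@gmail.com>
Reply-To: jane.doe@example.net
Subject: Q1 spreadsheet

body
"""
SAMPLE_CLEAN = """\
Return-Path: <jane.doe@gmail.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: "Jane Doe" <Jane.Doe@gmail.com>
Subject: Q1 spreadsheet

body
"""

def domain_of(value):
    """Return the lowercased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """List the ways the headers disagree with the visible From address."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = [] if from_dom else ["From header missing or unparseable"]
    # Bulk-mail services legitimately use their own Return-Path, so a
    # mismatch is a reason to look closer, not proof of fraud.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        result = m.group(1).lower() if m else "absent"
        if result != "pass":
            findings.append(f"{mech} result: {result}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_headers(SAMPLE_SPOOFED)) or "no inconsistencies")
```

An empty result means the headers agree with the displayed sender; any finding is a prompt to verify with the sender through another channel before opening links or attachments.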

Pen testing services like RedLegg's often offer a social engineering test option for companies in order to determine and increase employees' security awareness. Reach out to have a test scheduled for your organization.
