public:emai:malware – revision 2021-11-19 08:13 (vesely, [Monitoring and filtering agenda]), compared with revision 2021-10-21 13:49 (vesely)
  * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font> - emails from IP addresses with a bad reputation may be discarded or quarantined; receiving mail from such IPs is risky.
  * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - the anti-phishing engine cannot determine the real target of a URL in the message (the link is usually hidden behind a click-tracking redirect), so a warning is prepended to the message.
  * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs, macro) - <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font> - HTML content and attachments may contain potentially hazardous tags, attributes or document macros.
  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font> - some spammers hide the spam text inside an image or a PDF document so that text-based filters do not see it.
  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font> - deepheader analysis examines the entire message header for spam characteristics.
**Malicious use of spoofing** - Phishing and business email compromise (BEC) scams generally involve an element of email spoofing. Email spoofing has been responsible for public incidents with serious business and financial consequences.

**Example of a spoofed email:**

MAIL FROM (SMTP envelope sender): **johndoe2<font inherit/inherit;;#2980b9;;inherit>@gmail.com</font>** \\
From (message header): **john.doe<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>** \\
To: **jane.dow<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>**

Such an email is suspicious. A user with a Gmail account (johndoe2@gmail.com) has set his profile to send as the institutional address (john.doe@cerge-ei.cz). \\
The problem is that the message was not sent by (and therefore not authorised by) the cerge-ei.cz mail server; it was sent by a third-party server (Google's, in this case). Whatever sender authentication the receiving server performs applies to the envelope sender's domain, gmail.com, and says nothing about the cerge-ei.cz address shown in the From header.

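As an added example (not part of the original wiki page, and not the filtering engine's own code), the check below reproduces the reasoning above in Python: it evaluates SPF for the domain of the SMTP envelope sender against a constructed SPF record and then checks whether the domain in the From header is the one that was actually authenticated, which is the alignment check DMARC performs. All addresses, IP ranges and SPF records are constructed for the example (RFC 5737 documentation ranges); they are not the real DNS records of gmail.com or cerge-ei.cz, and the evaluator only understands the ip4/ip6 mechanisms and the all qualifier, not include, a, mx or redirect, which would need DNS lookups.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF records (assumptions for this example, NOT the real DNS records
# of gmail.com or cerge-ei.cz). RFC 5737 documentation ranges are used.
HYPOTHETICAL_SPF = {
    "gmail.com": "v=spf1 ip4:203.0.113.0/24 ~all",
    "cerge-ei.cz": "v=spf1 ip4:192.0.2.0/24 -all",
}

# Constructed message mirroring the example above: the SMTP envelope sender is a
# Gmail address while the From: header shows the institutional address.
SAMPLE_ENVELOPE_FROM = "johndoe2@gmail.com"
SAMPLE_CLIENT_IP = "203.0.113.7"  # inside the hypothetical gmail.com range
SAMPLE_RAW = """\
From: John Doe <john.doe@cerge-ei.cz>
To: jane.dow@cerge-ei.cz
Subject: Urgent payment
Content-Type: text/plain; charset=us-ascii

Please wire the attached invoice today.
"""

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def domain_of(address: str) -> str:
    """Lower-cased domain part of an RFC 5322 address ('' if there is none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def spf_check(domain: str, client_ip: str, records: dict) -> str:
    """Minimal offline SPF evaluation (RFC 7208 semantics for ip4/ip6/all only).

    Returns 'none' when the domain publishes no record, otherwise the result of
    the first matching mechanism; no match and no 'all' term yields 'neutral'.
    """
    record = records.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mechanism, _, argument = term.partition(":")
        if mechanism in ("ip4", "ip6") and argument:
            # An IPv6 client never matches an ip4 network and vice versa.
            if ip in ipaddress.ip_network(argument, strict=False):
                return QUALIFIERS[qualifier]
        # include/a/mx/redirect would need DNS and are deliberately not handled.
    return "neutral"


def analyse(raw_message: str, envelope_from: str, client_ip: str, records: dict) -> dict:
    """Flag the spoofing pattern from the text: SPF is evaluated for the envelope
    sender, and the From: header domain must be the domain SPF actually passed for."""
    msg = message_from_string(raw_message)
    header_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(envelope_from)
    spf = spf_check(envelope_domain, client_ip, records)
    aligned = spf == "pass" and header_domain == envelope_domain
    reasons = []
    if spf in ("fail", "softfail"):
        reasons.append(f"SPF {spf}: {client_ip} is not authorised to send for {envelope_domain}")
    if not aligned:
        reasons.append(f"From: domain {header_domain!r} was not authenticated "
                       f"(SPF {spf} applies to envelope domain {envelope_domain!r})")
    return {
        "header_from_domain": header_domain,
        "envelope_from_domain": envelope_domain,
        "spf": spf,
        "aligned": aligned,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_RAW, SAMPLE_ENVELOPE_FROM, SAMPLE_CLIENT_IP, HYPOTHETICAL_SPF)
    for reason in result["reasons"]:
        print("SUSPICIOUS:", reason)
```

On the sample message SPF passes for gmail.com (the constructed record authorises the client IP), yet the message is still flagged because the cerge-ei.cz domain in the From header is not the domain that passed. The same function reports a hard SPF fail when someone forges a cerge-ei.cz envelope sender from a host outside the constructed ip4 range, and reports nothing for a message sent through the institutional server with a matching envelope sender.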
===== SPF =====
===== Suspicious =====

==== Suspicious content (HTML links, docs, macro) ====

//Added subject tag: **[Suspicious]** //