Readers submit all kinds of malware to the Internet Storm Center: executables, documents, emails, ... This week I took a look at a phishing email submitted by a reader. Going through the headers, I spotted the following:

X-PHISHING-TEST: This is a phishing awareness test conducted by $COMPANY

I've seen similar headers before: they are used in emails designed to raise security awareness in a company. This email here simulates a phishing email, and these headers are added to flag the email as an awareness exercise, and they are also used to track individual emails. Headers like these are a bit like the evil bit: there's nothing to guarantee their authenticity ;-).

Before informing our reader, I did a whois on the domain name of the phishing URL found inside the email body: it was registered by the same company mentioned in the header, and this is indeed a company specialized in security training and awareness. I took special care not to access the URL, as this could put our reader on a list of people who fell for the phishing attempt.

Thus I informed our reader that it was indeed a phishing email, albeit of a special kind: it was a phishing awareness exercise. Later, he confirmed our findings.

Didier Stevens
DidierStevens, ISC Handler, Aug 13th 2017
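The triage steps from the diary, as an added example that is not part of the original post: the message is parsed offline, the awareness header is treated as a claim only, and the URL hosts are listed for a whois lookup without being fetched. The sample message, the company name "Example Awareness Ltd", the keyword list and the `triage` function are assumptions made for illustration; the whois registrant is supplied by the analyst.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample: the company name, addresses and hosts are all made up.
SAMPLE = """\
From: IT Helpdesk <helpdesk@mail.example.net>
To: user@example.org
Subject: Password expiry notice
X-PHISHING-TEST: This is a phishing awareness test conducted by Example Awareness Ltd
Content-Type: text/plain

Your password expires today. Renew it at
http://login.portal-example.test/renew?id=12345
"""

HINT = re.compile(r"phish|awareness|simulat", re.I)  # assumed keyword list
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw, whois_registrant=None):
    """Parse a message offline; the URLs in it are listed, never fetched."""
    msg = message_from_string(raw)
    # X- headers claiming the mail is an exercise. Anyone can add these.
    claims = [(k, v) for k, v in msg.items()
              if k.lower().startswith("x-") and HINT.search(k + " " + v)]
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        hosts.update(h for h in (urlsplit(u).hostname for u in URL.findall(text)) if h)
    # whois_registrant is what the analyst read from a whois lookup on those
    # hosts; the claim only counts when a header names that same organisation.
    corroborated = bool(whois_registrant) and any(
        whois_registrant.lower() in v.lower() for _, v in claims)
    if corroborated:
        verdict = "corroborated-exercise"
    elif claims:
        verdict = "unverified-claim"
    else:
        verdict = "no-claim"
    return {"claims": [k for k, _ in claims], "hosts": sorted(hosts), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(SAMPLE, whois_registrant="Example Awareness Ltd"))
```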