Solved

Workplace gets a lot of Phishing emails.  Is it safe to open the email?

Posted on 2014-12-10
Last Modified: 2015-03-10
I'm desktop support here and we get a lot of phishing emails during a week. Sometimes I'm asked to get the headers from the emails. Is this safe? Is it possible today in a large, multinational company like this one, to get infected just by opening the email to read it?
Thank you,
Mark88
0
Question by:Mark O'Brien
36 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40492790
No single answer to this.
It very much depends. What I do is have a browser appliance, a Linux machine with Firefox installed on it. The messages are opened on that machine. Reboot it and it is back to the default configuration, so if something has got on there
a. It doesn't last long.
b. It is a Linux machine, so will not get very far.

Simon.
0
 

Author Comment

by:Mark O'Brien
ID: 40492821
lol niiiice!
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 400 total points
ID: 40492911
You can view the headers without opening the message, but by opening the message you could get drive-by malware. Better to just delete them.
0

Author Comment

by:Mark O'Brien
ID: 40492938
How do I get to the header w/o opening?
0
 
LVL 93

Expert Comment

by:nobus
ID: 40493299
You can usually see the mail on the server, without downloading.
You can use another PC, as suggested.
You can run from a live CD or USB stick, like Knoppix: http://distrowatch.com/table.php?distribution=knoppix

You can use deep-freeze software, or a card: http://www.reborn.nl/home/support/drivers
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 400 total points
ID: 40493703
I realize that this doesn't answer the question directly and you may not be in a position to make something happen, but the bigger issue is that the company needs to do something to stop the phishing emails from coming in. I would suggest a good email filtering/anti-spam service or appliance and web filtering as well. Phishing emails are bad, but if the company is letting them in, they could also be letting in more dangerous emails.

Everyone has their opinion about what's best and the company's budget and size will also come into play, but we have had good luck with Mimecast as an email service and an iPrism device as our web filter.
0
 

Author Comment

by:Mark O'Brien
ID: 40493795
So I won't be able to open the headers w/o opening the email?

Also, how common are drive-by downloads in large, multinational companies where scripting and such are disabled in emails?
0
 
LVL 29

Expert Comment

by:Dr. Klahn
ID: 40494306
For at least one specific instance:  You don't want to open any HTML emails containing images.  When the email reader goes out to the phishing web site to get that image, the image URLs are almost always coded so that the phisher knows what email address opened the message.  This proves to the phisher that an email address is active and is an invitation to more spam.
0
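
The coded image URLs described in the comment above, together with the thread's question about reading headers without rendering the message, as an added Python example (not from any poster in this thread). It treats the raw message source as text, never fetches anything, and reports sender-domain mismatches, the earliest `Received` hop and remote image hosts. It assumes the message has been saved as raw source (for example an `.eml` file); the sample message, the `triage` function and all hosts are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not from the thread); all hosts and addresses are placeholders.
RAW = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.corp.example with ESMTP; Wed, 10 Dec 2014 09:00:02 +0000
Received: from unknown (host.example.net [198.51.100.7])
\tby mx.example.org with SMTP; Wed, 10 Dec 2014 09:00:00 +0000
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: collect@example.net
Subject: Password expiry
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<img src="http://track.example.net/o.gif?id=user%40corp.example" width="1">
<img src="cid:logo"></body></html>
"""

class _ImgSrc(HTMLParser):
    """Collects <img src> values as text; nothing is ever fetched."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def triage(raw: bytes) -> dict:
    """Summarise headers and remote image hosts from raw message source."""
    msg = message_from_bytes(raw, policy=policy.default)
    dom = lambda h: parseaddr(str(msg.get(h, "")))[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received", [])
    # Servers prepend Received lines, so the last one is the earliest hop.
    origin = re.search(r"\[([0-9A-Fa-f.:]+)\]", str(hops[-1])) if hops else None
    body = msg.get_body(preferencelist=("html",))
    finder = _ImgSrc()
    finder.feed(body.get_content() if body else "")
    remote = [urlsplit(s) for s in finder.srcs if urlsplit(s).scheme in ("http", "https")]
    return {
        "from_domain": dom("From"),
        "mismatched": [h for h in ("Reply-To", "Return-Path") if dom(h) not in ("", dom("From"))],
        "origin_ip": origin.group(1) if origin else None,
        "tracking_hosts": [(u.hostname, bool(u.query)) for u in remote],
    }
```

A `True` next to a host means the image URL carries a query string, which is where a per-recipient identifier would sit; `cid:` images are embedded in the message and cause no network request.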
 

Author Comment

by:Mark O'Brien
ID: 40494322
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 

Author Comment

by:Mark O'Brien
ID: 40494329
What is an "email reader"?
0
 
LVL 93

Accepted Solution

by:
nobus earned 400 total points
ID: 40494369
I use MailWasher for this purpose: http://www.firetrust.com/products/mailwasher-pro
0
 

Author Comment

by:Mark O'Brien
ID: 40494376
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40495484
There are add-ons available for Exchange to view the headers (available in the Exchange store); some are free, some aren't.
0
 

Author Comment

by:Mark O'Brien
ID: 40507641
Ok, so looks like I'll be opening those myself and hoping I don't get a drive-by. What do you do if a drive-by starts?
0
 

Author Comment

by:Mark O'Brien
ID: 40521317
Have not heard anything
0
 
LVL 93

Expert Comment

by:nobus
ID: 40521413
What do you mean by a driveby?
Did you try checking them on the mail server, or with MailWasher?
0
 

Author Comment

by:Mark O'Brien
ID: 40526166
http://en.wikipedia.org/wiki/Drive-by_download

The spam is on an eu's computer.
0
 
LVL 93

Expert Comment

by:nobus
ID: 40526386
Jezus - the terms you people use... I'm not even English speaking, so I don't know them.

I still don't understand why you don't look at them on the webmail site and delete the unwanted there - then you do NOT have a download at all.
0
 

Author Comment

by:Mark O'Brien
ID: 40526419
That's not always true.  You can still get a driveby download
0
 
LVL 93

Expert Comment

by:nobus
ID: 40526423
>> That's not always true. << Please explain - I'm unaware how that is possible.
0
 

Author Comment

by:Mark O'Brien
ID: 40526429
Our Security team said it's possible just by opening the email. I'm not a security specialist though so can't explain it.
0
 
LVL 93

Expert Comment

by:nobus
ID: 40526512
I just told you to look at the mail on the server - before opening any mail program.
Then there is NO download, and you can delete the ones you don't want.
Try it.
0
 

Author Comment

by:Mark O'Brien
ID: 40527205
I don't have access to the server
0
 
LVL 93

Expert Comment

by:nobus
ID: 40527297
What mail program and mail server do you have?
0
 

Author Comment

by:Mark O'Brien
ID: 40528390
Outlook exchange server
0
 
LVL 93

Expert Comment

by:nobus
ID: 40528851
I'm not familiar with it, but look if this helps:
http://www.wikihow.com/Access-Exchange-Webmail
0
 
LVL 70

Assisted Solution

by:Merete
Merete earned 400 total points
ID: 40537831
Mark88, hi, since this is not on your system and you are asked how to get the headers without opening them, may I suggest you become familiar with them:
Anti-spam message headers Exchange

This explains > What Can You Find in an Email Header? and Why Bother Looking at an Email Header?
As there are reports that > we get a lot of phishing emails during a week
What I would suggest and what I do is to raise the junk filter level to Safe lists only for a little while.
When this option is selected, only emails from people that have been added to the Safe Senders and Safe Recipients lists will get into your Inbox.
All other emails go to the junk, and there you can safely delete them, sort them, and add to the safe list.
This is the simplest method and for me the most reliable.
How to configure Outlook Junk Mail Filter to stop spam email
https://www.ablebits.com/office-addins-blog/2014/01/31/stop-junk-email-outlook/
0
 
LVL 25

Assisted Solution

by:Brian B
Brian B earned 400 total points
ID: 40544468
If you don't have access to the email server, I would assume that means there is someone who does? Really they are the ones who can answer these questions much more safely than you.

Having said that, unless all these emails are from the same IP (and in my experience, they aren't), you don't have the power to fix the problem. It will be either the person who runs your Exchange server, or the person who runs the firewall for your organization.

As for a better explanation of a drive-by: It means that as soon as your system reads the code in the email message, if it is in Outlook or on webmail, it will execute a virus or some sort of malicious code that will infect the computer.
0
 

Author Comment

by:Mark O'Brien
ID: 40549906
Ok thanks.  Gotta ask the mgr what's next then
0
 

Author Comment

by:Mark O'Brien
ID: 40584957
Still working on it.
0
 

Author Comment

by:Mark O'Brien
ID: 40629868
Waiting for the boss to tell me how to approach this. I don't feel comfortable opening these.
0
 

Author Comment

by:Mark O'Brien
ID: 40652176
Boss moved the ticket to someone else's queue
0
 
LVL 25

Expert Comment

by:Brian B
ID: 40653746
Mark88, if this means you won't be able to answer further or indicate back what the solution was, please be sure to close the question.
0
 

Author Closing Comment

by:Mark O'Brien
ID: 40655215
This ticket should've been with the server team/Exchange team in the first place. Maybe they were just testing me, I don't know. All I know is that I didn't have to do this.
Mark88
0
 
LVL 25

Expert Comment

by:Brian B
ID: 40656646
It happens. That's how you learn. The more you can do the harder stuff, the better chance it will help you move ahead. We are here to back you up. :-)
0


Question has a verified solution.
