Solved

Workplace gets a lot of Phishing emails.  Is it safe to open the email?

Posted on 2014-12-10
Last Modified: 2015-03-10
I'm desktop support here and we get a lot of phishing emails during a week.  Sometimes I'm asked to get the headers from the emails.  Is this safe?  Is it possible today in a large, multinational company like this one, to get infected just by opening the email to read it?
Thank you,
Mark88
Question by:Mark88
36 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40492790
No single answer to this.
It very much depends. What I do is have a browser appliance, a Linux machine with Firefox installed on it. The messages are opened on that machine. Reboot it and it is back to the default configuration, so if something has got on there
a. It doesn't last long.
b. It is a Linux machine, so will not get very far.

Simon.
0
 

Author Comment

by:Mark88
ID: 40492821
lol niiiice!
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 40492911
You can view the headers without opening the message, but by opening the message you could get drive-by malware. Better to just delete them.
0

 

Author Comment

by:Mark88
ID: 40492938
How do I get to the header w/o opening?
0
 
LVL 92

Expert Comment

by:nobus
ID: 40493299
you can usually see the mail on the server - without downloading
you can use another PC - as suggested
you can run from a live cd - or usb stick, like Knoppix: http://distrowatch.com/table.php?distribution=knoppix

you can use a deepfreeze software, or card  : http://www.reborn.nl/home/support/drivers
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 100 total points
ID: 40493703
I realize that this doesn't answer the question directly and you may not be in a position to make something happen, but the bigger issue is that the company needs to do something to stop the phishing emails from coming in. I would suggest a good email filtering/anti-spam service or appliance and web filtering as well. Phishing emails are bad, but if the company is letting them in, they could also be letting in more dangerous emails.

Everyone has their opinion about what's best and the company's budget and size will also come into play, but we have had good luck with Mimecast as an email service and an iPrism device as our web filter.
0
 

Author Comment

by:Mark88
ID: 40493795
So I won't be able to open the headers w/o opening the email?

Also, how common are driveby downloads in large, multinational companies where scripting and such are disabled in emails?
0
 
LVL 25

Expert Comment

by:Dr. Klahn
ID: 40494306
For at least one specific instance:  You don't want to open any HTML emails containing images.  When the email reader goes out to the phishing web site to get that image, the image URLs are almost always coded so that the phisher knows what email address opened the message.  This proves to the phisher that an email address is active and is an invitation to more spam.
0
 

Author Comment

by:Mark88
ID: 40494322
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 

Author Comment

by:Mark88
ID: 40494329
What is an "email reader"?
0
 
LVL 92

Accepted Solution

by:nobus
nobus earned 100 total points
ID: 40494369
i use mailwasher for this purpose : http://www.firetrust.com/products/mailwasher-pro
0
 

Author Comment

by:Mark88
ID: 40494376
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40495484
there are add-ons available for exchange to view the headers (available in the exchange store) some are free some aren't
0
 

Author Comment

by:Mark88
ID: 40507641
Ok, so looks like I'll be opening those myself and hoping I don't get a drive by.  What do you do if a driveby starts?
0
 

Author Comment

by:Mark88
ID: 40521317
Have not heard anything
0
 
LVL 92

Expert Comment

by:nobus
ID: 40521413
what do you mean with a driveby ??
did you try checking them on the mail server, or with mailwasher ?
0
 

Author Comment

by:Mark88
ID: 40526166
http://en.wikipedia.org/wiki/Drive-by_download

The spam is on an eu's computer.
0
 
LVL 92

Expert Comment

by:nobus
ID: 40526386
jezus - the terms you people use...i'm even not english speaking, so i don't know them

i still don't understand why you don't look at them on the webmail site and delete the unwanted there -  then you do NOT have a download at all
0
 

Author Comment

by:Mark88
ID: 40526419
That's not always true.  You can still get a driveby download
0
 
LVL 92

Expert Comment

by:nobus
ID: 40526423
>>  That's not always true.  <<  please explain - i'm unaware how that is possible
0
 

Author Comment

by:Mark88
ID: 40526429
Our Security team said it's possible just by opening the email.  I'm not a security specialist though so can't explain it.
0
 
LVL 92

Expert Comment

by:nobus
ID: 40526512
i just told you to look at the mail on the server - before opening any mail program
then there is NO download, and you can delete the ones you don't want
try it
0
 

Author Comment

by:Mark88
ID: 40527205
I don't have access to the server
0
 
LVL 92

Expert Comment

by:nobus
ID: 40527297
what mail program , and mail server do you have ?
0
 

Author Comment

by:Mark88
ID: 40528390
Outlook exchange server
0
 
LVL 92

Expert Comment

by:nobus
ID: 40528851
i'm not familiar with it, but look if this helps :
http://www.wikihow.com/Access-Exchange-Webmail
0
 
LVL 70

Assisted Solution

by:Merete
Merete earned 100 total points
ID: 40537831
Mark88, hi, since this is not on your system and you are asked how to get the headers without opening them, may I suggest you become familiar with them
Anti-spam message headers Exchange

This explains >What Can You Find in an Email Header? and Why Bother Looking at an Email Header?
As there are reports that > we get a lot of phishing emails during a week
What I would suggest and what I do is to raise the junk filter level to Safe lists only for a little while.
When this option is selected, only emails from people that have been added to the Safe Senders and Safe Recipients lists will get into your Inbox.
All other emails go to the junk and there you can safely delete them and sort them add to safe list.
This is the simplest method and for me the most reliable.
How to configure Outlook Junk Mail Filter to stop spam email
https://www.ablebits.com/office-addins-blog/2014/01/31/stop-junk-email-outlook/
0
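The header question raised in this thread and the tracked-image behaviour described in Dr. Klahn's comment can both be checked on a saved copy of a message without displaying it. The following is an added example, not code posted by anyone in the thread: it uses Python's standard `email` package on a constructed sample message, and the function names and every address in it are made up for illustration.

```python
import re
from email import policy
from email.parser import BytesHeaderParser, BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message for this example; every name and address is a placeholder.
SAMPLE = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.corp.example; Wed, 10 Dec 2014 09:15:01 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: <collector@mailer.example.net>
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://img.example.net/o.gif?u=user%40corp.example"
width="1" height="1"><img src="cid:logo"></body></html>
"""

def _domain(value):
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def header_report(raw):
    """Parse the header block only; the body is never decoded or rendered."""
    msg = BytesHeaderParser(policy=policy.default).parsebytes(raw)
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    doms = {h: _domain(msg[h]) for h in ("From", "Reply-To", "Return-Path")}
    return {
        "hops": [" ".join(str(h).split()) for h in msg.get_all("Received", [])],
        "spf": spf.group(1) if spf else None,
        "domains": doms,
        "reply_to_mismatch": bool(doms["Reply-To"]) and doms["Reply-To"] != doms["From"],
    }

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.remote.append(src)  # cid:/data: images are embedded, not fetched

def remote_images(raw):
    """List image URLs a mail client would fetch on display; nothing is fetched here."""
    body = BytesParser(policy=policy.default).parsebytes(raw).get_body(("html",))
    collector = _ImgCollector()
    collector.feed(body.get_content() if body else "")
    return collector.remote
```

For a real message, read the exported file as bytes and pass it to the same two functions; the code only parses text and makes no network requests.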
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 100 total points
ID: 40544468
If you don't have access to the email server, I would assume that means there is someone who does? Really they are the ones who can answer these questions much more safely than you.

Having said that, unless all these emails are from the same IP (and in my experience, they aren't), you don't have the power to fix the problem. It will be either the person who runs your Exchange server, or the person who runs the firewall for your organization.

As for a better explanation of a drive-by: It means that as soon as your system reads the code in the email message, if it is in Outlook or on webmail, it will execute a virus or some sort of malicious code that will infect the computer.
0
 

Author Comment

by:Mark88
ID: 40549906
Ok thanks.  Gotta ask the mgr what's next then
0
 

Author Comment

by:Mark88
ID: 40584957
Still working on it.
0
 

Author Comment

by:Mark88
ID: 40629868
Waiting for the boss to tell me how to approach this.  I don't feel comfortable opening these.
0
 

Author Comment

by:Mark88
ID: 40652176
Boss moved the ticket to someone else's queue
0
 
LVL 23

Expert Comment

by:Brian B
ID: 40653746
Mark88, if this means you won't be able to answer further or indicate back what the solution was, please be sure to close the question.
0
 

Author Closing Comment

by:Mark88
ID: 40655215
This ticket should've been with the server team/exchange team in the first place.  Maybe they were just testing me, I don't know.  All I know is that I didn't have to do this.
Mark88
0
 
LVL 23

Expert Comment

by:Brian B
ID: 40656646
It happens. That's how you learn. The more you can do the harder stuff, the better chance it will help you move ahead. We are here to back you up. :-)
0


Question has a verified solution.
