Workplace gets a lot of Phishing emails. Is it safe to open the email?

Im desktop support here and we get a lot of phishing emails during a week.  Sometimes Im asked to get the headers from the emails.  Is this safe?  Is it possible today in a large, multinational company like this one, to get infected just by opening the email to read it?
Thank you,
Mark88
Mark O'BrienDispatch Software Support and Server AdministrationAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
nobusConnect With a Mentor Commented:
i use mailwasher for this purpose : http://www.firetrust.com/products/mailwasher-pro
0
 
Simon Butler (Sembee)ConsultantCommented:
No single answer to this.
It very much depends. What I do is have a browser appliance, a Linux machine with Firefox installed on it. The messages are opened on that machine. Reboot it and it is back to the default configuration, so if something has got on there
a. It doesn't last long.
b. It is a Linux machine, so will not get very far.

Simon.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
lol niiiice!
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
you can view the headers without opening the message but opening the message you could get drive-by malware.  Better to just delete them
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
How do I get to the header w/o opening?
0
 
nobusCommented:
you can usually see the the mail on the server - without downloading
you can use another PC - as suggested
you can run from a live cd -  or usb stick, like Knoppix  : http://distrowatch.com/table.php?distribution=knoppix      

you can use a deepfreeze software, or card  : http://www.reborn.nl/home/support/drivers
0
 
jhyieslaConnect With a Mentor Commented:
I realize that this doesn't answer the question directly and you may not be in a position to make something happen, but the bigger issue is that the company needs to do something to stop the phishing emails from coming in. I would suggest a good email filtering/anti-spam service or appliance and web filtering as well. Phishing emails are bad, but if the company is letting them in, they could also be letting in more dangerous emails.

Everyone has their opinion about what's best and the company's budget and size will also come into play, but we have had good luck with Mimecast as an email service and an iPrism device as our web filter.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
So I wont be able to open the headers w/o opening the email?

Also, how common are driveby downloads in large, multinational companies where scripting and such are disabled in emails?
0
 
Dr. KlahnPrincipal Software EngineerCommented:
For at least one specific instance:  You don't want to open any HTML emails containing images.  When the email reader goes out to the phishing web site to get that image, the image URLs are almost always coded so that the phisher knows what email address opened the message.  This proves to the phisher that an email address is active and is an invitation to more spam.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
What is an "email reader"?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
David Johnson, CD, MVPOwnerCommented:
there are addon's available for exchange to view the headers (available in the exchange store) some are free some aren't
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Ok, so looks like I'll be opening those myself and hoping I dont get a drive by.  What do you do if a driveby starts?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Have not heard anything
0
 
nobusCommented:
what do you mean with a driveby ??
did you try checking them on the mail server, or with mailwasher ?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
http://en.wikipedia.org/wiki/Drive-by_download

The spam is on an eu's computer.
0
 
nobusCommented:
jezus - the terms you people use...i'm even not english speaking, so i don't know them

i still don't under stand why you don't look at them on the webmail site and delete the unwanteed there -  then you do NOT have a download at all
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
That's not always true.  You can still get a driveby download
0
 
nobusCommented:
>>  That's not always true.  <<  plse explain - i'm unaware how is that possible
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Our Security team said it's possible just by opening the email.  Im not a security specialist though so cant explain it.
0
 
nobusCommented:
i just told you to look at the mail on the server - before opening any mail program
then there is NO download, and you can delete the ones you don't want
try it
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
I don't have access to the server
0
 
nobusCommented:
what mail program , and mail server do you have ?
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Outlook exchange server
0
 
nobusCommented:
i'm not familiar wuth it, but look if this helps :
http://www.wikihow.com/Access-Exchange-Webmail
0
 
MereteConnect With a Mentor Commented:
Mark88, hi, since this is not on your system and you are asked how to get the headers without opening them., may I suggest you become familiar with them
Anti-spam message headers Exchange

This explains >What Can You Find in an Email Header? and Why Bother Looking at an Email Header?
As there is reports  that > we get a lot of phishing emails during a week
What I would suggest and what I do is to raise the junk filter level to Safe lists only for a little while.
When this option is selected, only emails from people that have been added to the Safe Senders and Safe Recipients lists will get into your Inbox.
All other emails go to the junk and there you can safely delete them and sort them add to safe list.
This is the simplest method and for me the most reliable.
How to configure Outlook Junk Mail Filter to stop spam email
https://www.ablebits.com/office-addins-blog/2014/01/31/stop-junk-email-outlook/
0
 
Brian BConnect With a Mentor Independant Technology ProfessionalCommented:
If you don't have access to the email server, I would assume that means there is someone who does? Really they are the ones who can answer these questions much more safely than you.

Having said that, unless all these email are from the same IP (and in my experience, they aren't), you don't have the power to fix the problem. It will be either the person who runs your Exchange server, or the person who runs the firewall for your organization.

As for a better explanation of a drive-by: It means that as soon as your system reads the code in the email message, if it is in Outlook or on webmail, it will execute a virus or some sort of malicious code that will infect the computer.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Ok thanks.  Gotta ask the mgr what's next then
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Still working on it.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Waiting for the boss to tell me how to approach this.  I dont feel comfortable opening these.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
Boss moved the ticket to someone else's queue
0
 
Brian BIndependant Technology ProfessionalCommented:
Mark88, if this means you won't be able to answer further or indicated back what the solution was, please be sure to close the question.
0
 
Mark O'BrienDispatch Software Support and Server AdministrationAuthor Commented:
This ticket shouldve been with the server team/exchange team in the first place.  Maybe they were just testing me, I dont know.  All I know is that I didnt have to do this.
Mark88
0
 
Brian BIndependant Technology ProfessionalCommented:
It happens. That's how you learn. The more you can do the harder stuff, the better chance it will help you move ahead. We are here to back you up. :-)
0
All Courses

From novice to tech pro — start learning today.