Solved

Workplace gets a lot of Phishing emails.  Is it safe to open the email?

Posted on 2014-12-10
Last Modified: 2015-03-10
I'm desktop support here and we get a lot of phishing emails during a week. Sometimes I'm asked to get the headers from the emails. Is this safe? Is it possible today in a large, multinational company like this one, to get infected just by opening the email to read it?
Thank you,
Mark88
0
Question by:Mark88
36 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
No single answer to this.
It very much depends. What I do is have a browser appliance, a Linux machine with Firefox installed on it. The messages are opened on that machine. Reboot it and it is back to the default configuration, so if something has got on there
a. It doesn't last long.
b. It is a Linux machine, so will not get very far.

Simon.
0
 

Author Comment

by:Mark88
lol niiiice!
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
You can view the headers without opening the message, but by opening the message you could get drive-by malware. Better to just delete them.
0
 

Author Comment

by:Mark88
How do I get to the header w/o opening?
0
 
LVL 91

Expert Comment

by:nobus
you can usually see the mail on the server - without downloading
you can use another PC - as suggested
you can run from a live CD or USB stick, like Knoppix: http://distrowatch.com/table.php?distribution=knoppix

you can use a deepfreeze software, or card: http://www.reborn.nl/home/support/drivers
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 100 total points
I realize that this doesn't answer the question directly and you may not be in a position to make something happen, but the bigger issue is that the company needs to do something to stop the phishing emails from coming in. I would suggest a good email filtering/anti-spam service or appliance and web filtering as well. Phishing emails are bad, but if the company is letting them in, they could also be letting in more dangerous emails.

Everyone has their opinion about what's best and the company's budget and size will also come into play, but we have had good luck with Mimecast as an email service and an iPrism device as our web filter.
0
 

Author Comment

by:Mark88
So I won't be able to open the headers w/o opening the email?

Also, how common are drive-by downloads in large, multinational companies where scripting and such are disabled in emails?
0
 
LVL 23

Expert Comment

by:Dr. Klahn
For at least one specific instance:  You don't want to open any HTML emails containing images.  When the email reader goes out to the phishing web site to get that image, the image URLs are almost always coded so that the phisher knows what email address opened the message.  This proves to the phisher that an email address is active and is an invitation to more spam.
0
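Added example (not part of any poster's comment): the two points made in the answers above, that headers can be read without opening the message and that rendering an HTML mail requests image URLs coded per recipient, shown on a constructed message. It assumes the suspicious mail has been saved as raw message source; `SAMPLE`, `ImgCollector`, `triage` and every example.* host are illustrative names.

```python
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not from the thread); all example.* names are placeholders.
SAMPLE = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby mail.corp.example; Wed, 10 Dec 2014 09:00:02 +0000
Received: from unknown (host.example.net [198.51.100.7])
\tby mx.corp.example; Wed, 10 Dec 2014 09:00:01 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net
From: "IT Helpdesk" <helpdesk@corp.example>
To: user@corp.example
Subject: Password expiry notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<img src="http://track.example.net/o.gif?rcpt=user%40corp.example" width="1" height="1">
<img src="cid:logo"></body></html>
"""

class ImgCollector(HTMLParser):
    """Collects <img src> values by parsing only; nothing is fetched."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

def triage(raw: bytes) -> dict:
    # Parse the raw source as data; the HTML body is never rendered.
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    imgs = ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            imgs.feed(part.get_content())
    remote = [u for u in imgs.srcs if urlsplit(u).scheme in ("http", "https")]
    return {
        "from": str(msg["From"]),
        "return_path": str(msg["Return-Path"]),
        "auth_results": str(msg["Authentication-Results"]),
        "received_oldest_first": hops[::-1],  # top header is the newest hop
        "remote_images": remote,  # a mail client would request these on render
        "images_with_query": [u for u in remote if urlsplit(u).query],
    }
```

Calling `triage(SAMPLE)` returns the header fields and the one remote image URL whose query string carries the recipient address, without making any network request.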
 

Author Comment

by:Mark88
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 

Author Comment

by:Mark88
What is an "email reader"?
0
 
LVL 91

Accepted Solution

by:nobus
nobus earned 100 total points
I use MailWasher for this purpose: http://www.firetrust.com/products/mailwasher-pro
0
 

Author Comment

by:Mark88
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
There are add-ons available for Exchange to view the headers (available in the Exchange store); some are free, some aren't.
0
 

Author Comment

by:Mark88
Ok, so looks like I'll be opening those myself and hoping I don't get a drive-by. What do you do if a drive-by starts?
0
 

Author Comment

by:Mark88
Have not heard anything
0
 
LVL 91

Expert Comment

by:nobus
What do you mean by a drive-by?
Did you try checking them on the mail server, or with MailWasher?
0
 

Author Comment

by:Mark88
http://en.wikipedia.org/wiki/Drive-by_download

The spam is on an eu's computer.
0
 
LVL 91

Expert Comment

by:nobus
Jezus - the terms you people use... I'm not even English-speaking, so I don't know them.

I still don't understand why you don't look at them on the webmail site and delete the unwanted there - then you do NOT have a download at all.
0
 

Author Comment

by:Mark88
That's not always true. You can still get a drive-by download.
0
 
LVL 91

Expert Comment

by:nobus
>> That's not always true. << Please explain - I'm unaware how that is possible.
0
 

Author Comment

by:Mark88
Our Security team said it's possible just by opening the email. I'm not a security specialist though, so I can't explain it.
0
 
LVL 91

Expert Comment

by:nobus
i just told you to look at the mail on the server - before opening any mail program
then there is NO download, and you can delete the ones you don't want
try it
0
 

Author Comment

by:Mark88
Comment Utility
I don't have access to the server
0
 
LVL 91

Expert Comment

by:nobus
What mail program and mail server do you have?
0
 

Author Comment

by:Mark88
Outlook exchange server
0
 
LVL 91

Expert Comment

by:nobus
I'm not familiar with it, but look if this helps:
http://www.wikihow.com/Access-Exchange-Webmail
0
 
LVL 69

Assisted Solution

by:Merete
Merete earned 100 total points
Mark88, hi, since this is not on your system and you are asked how to get the headers without opening them, may I suggest you become familiar with them:
Anti-spam message headers Exchange

This explains > What Can You Find in an Email Header? and Why Bother Looking at an Email Header?
As there are reports that > we get a lot of phishing emails during a week
What I would suggest, and what I do, is to raise the junk filter level to Safe lists only for a little while.
When this option is selected, only emails from people that have been added to the Safe Senders and Safe Recipients lists will get into your Inbox.
All other emails go to the junk and there you can safely delete them and sort them add to safe list.
This is the simplest method and for me the most reliable.
How to configure Outlook Junk Mail Filter to stop spam email
https://www.ablebits.com/office-addins-blog/2014/01/31/stop-junk-email-outlook/
0
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 100 total points
If you don't have access to the email server, I would assume that means there is someone who does? Really they are the ones who can answer these questions much more safely than you.

Having said that, unless all these emails are from the same IP (and in my experience, they aren't), you don't have the power to fix the problem. It will be either the person who runs your Exchange server, or the person who runs the firewall for your organization.

As for a better explanation of a drive-by: It means that as soon as your system reads the code in the email message, if it is in Outlook or on webmail, it will execute a virus or some sort of malicious code that will infect the computer.
0
 

Author Comment

by:Mark88
Ok thanks.  Gotta ask the mgr what's next then
0
 

Author Comment

by:Mark88
Still working on it.
0
 

Author Comment

by:Mark88
Waiting for the boss to tell me how to approach this. I don't feel comfortable opening these.
0
 

Author Comment

by:Mark88
Boss moved the ticket to someone else's queue
0
 
LVL 23

Expert Comment

by:Brian B
Mark88, if this means you won't be able to answer further or indicate back what the solution was, please be sure to close the question.
0
 

Author Closing Comment

by:Mark88
This ticket should've been with the server team/exchange team in the first place. Maybe they were just testing me, I don't know. All I know is that I didn't have to do this.
Mark88
0
 
LVL 23

Expert Comment

by:Brian B
It happens. That's how you learn. The more you can do the harder stuff, the better chance it will help you move ahead. We are here to back you up. :-)
0
