Solved

Workplace gets a lot of Phishing emails.  Is it safe to open the email?

Posted on 2014-12-10
Last Modified: 2015-03-10
I'm desktop support here and we get a lot of phishing emails during a week. Sometimes I'm asked to get the headers from the emails. Is this safe? Is it possible today in a large, multinational company like this one, to get infected just by opening the email to read it?
Thank you,
Mark88
36 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40492790
No single answer to this.
It very much depends. What I do is have a browser appliance, a Linux machine with Firefox installed on it. The messages are opened on that machine. Reboot it and it is back to the default configuration, so if something has got on there
a. It doesn't last long.
b. It is a Linux machine, so will not get very far.

Simon.
0
 

Author Comment

by:Mark88
ID: 40492821
lol niiiice!
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 100 total points
ID: 40492911
You can view the headers without opening the message, but by opening the message you could get drive-by malware. Better to just delete them.
0
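Added example, not part of the answer above and not code from any poster: one way to read only the header block of a suspicious message from its raw source, so the body is never decoded or rendered. It assumes the raw message has been exported as bytes (for example a saved .eml file); the sample message, its addresses and the `triage_headers` helper are constructed for illustration.

```python
from email.parser import BytesHeaderParser
from email.utils import parseaddr

# Constructed sample message; all names use reserved example domains.
SAMPLE_EML = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.corp.example with ESMTP id abc123; Wed, 10 Dec 2014 09:15:02 +0000
Received: from unknown (host.example.net [198.51.100.7])
\tby mx.example.org with SMTP id xyz789; Wed, 10 Dec 2014 09:14:58 +0000
Authentication-Results: mail.corp.example; spf=fail smtp.mailfrom=mailer.example.net
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: <collect@mailer.example.net>
To: user@corp.example
Subject: Password expires today
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://tracker.example.net/p.gif?id=user"></body></html>
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(str(value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage_headers(raw_bytes):
    # Header-only parse: the body stays an opaque string, no HTML is
    # rendered and no remote content is requested.
    msg = BytesHeaderParser().parsebytes(raw_bytes)
    # Received lines are listed newest first; unfold them onto one line each.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Only meaningful when this header was added by your own mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check} failed")
    return {"from": from_dom, "hops": hops, "findings": findings}

if __name__ == "__main__":
    report = triage_headers(SAMPLE_EML)
    print("\n".join(report["hops"] + report["findings"]))
```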
 

Author Comment

by:Mark88
ID: 40492938
How do I get to the header w/o opening?
0
 
LVL 91

Expert Comment

by:nobus
ID: 40493299
you can usually see the mail on the server - without downloading
you can use another PC - as suggested
you can run from a live cd - or usb stick, like Knoppix: http://distrowatch.com/table.php?distribution=knoppix

you can use a deepfreeze software, or card: http://www.reborn.nl/home/support/drivers
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 100 total points
ID: 40493703
I realize that this doesn't answer the question directly and you may not be in a position to make something happen, but the bigger issue is that the company needs to do something to stop the phishing emails from coming in. I would suggest a good email filtering/anti-spam service or appliance and web filtering as well. Phishing emails are bad, but if the company is letting them in, they could also be letting in more dangerous emails.

Everyone has their opinion about what's best and the company's budget and size will also come into play, but we have had good luck with Mimecast as an email service and an iPrism device as our web filter.
0
 

Author Comment

by:Mark88
ID: 40493795
So I won't be able to open the headers w/o opening the email?

Also, how common are driveby downloads in large, multinational companies where scripting and such are disabled in emails?
0
 
LVL 24

Expert Comment

by:Dr. Klahn
ID: 40494306
For at least one specific instance:  You don't want to open any HTML emails containing images.  When the email reader goes out to the phishing web site to get that image, the image URLs are almost always coded so that the phisher knows what email address opened the message.  This proves to the phisher that an email address is active and is an invitation to more spam.
0
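Added example, not part of the comment above and not code from any poster: a way to list the remote images an HTML body would request, without rendering the message or contacting any of the hosts. The sample HTML, its host names and the `list_remote_images` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample body: one remote image carrying a per-recipient token,
# one attachment reference (cid:) and one inline data: image.
SAMPLE_HTML = """
<html><body>
<p>Your mailbox is almost full.</p>
<img src="http://img.mailer.example.net/o/px.gif?rcpt=a1b2c3" width="1" height="1">
<img src="cid:logo@corp.example">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
</body></html>
"""

class RemoteImageLister(HTMLParser):
    """Collects <img> sources that would cause a network request if rendered."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = (dict(attrs).get("src") or "").strip()
        parts = urlsplit(src)
        # cid: and data: images are carried inside the message itself;
        # only http/https sources reach out to a server when displayed.
        if parts.scheme in ("http", "https"):
            self.remote.append({
                "host": parts.hostname,
                "path": parts.path,
                # Query parameter names often carry the per-recipient identifier.
                "params": [name for name, _ in parse_qsl(parts.query)],
            })

def list_remote_images(html_text):
    lister = RemoteImageLister()
    lister.feed(html_text)
    lister.close()
    return lister.remote

if __name__ == "__main__":
    for image in list_remote_images(SAMPLE_HTML):
        print(image)
```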
 

Author Comment

by:Mark88
ID: 40494322
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 

Author Comment

by:Mark88
ID: 40494329
What is an "email reader"?
0
 
LVL 91

Accepted Solution

by:
nobus earned 100 total points
ID: 40494369
i use mailwasher for this purpose : http://www.firetrust.com/products/mailwasher-pro
0
 

Author Comment

by:Mark88
ID: 40494376
But can I get headers w/o opening the email?  (Yes or No)  AND how if yes?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40495484
There are add-ons available for Exchange to view the headers (available in the Exchange store); some are free, some aren't.
0
 

Author Comment

by:Mark88
ID: 40507641
Ok, so looks like I'll be opening those myself and hoping I don't get a drive-by. What do you do if a drive-by starts?
0
 

Author Comment

by:Mark88
ID: 40521317
Have not heard anything
0
 
LVL 91

Expert Comment

by:nobus
ID: 40521413
what do you mean with a driveby ??
did you try checking them on the mail server, or with mailwasher ?
0
 

Author Comment

by:Mark88
ID: 40526166
http://en.wikipedia.org/wiki/Drive-by_download

The spam is on an eu's computer.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40526386
jezus - the terms you people use... i'm not even english speaking, so i don't know them

i still don't understand why you don't look at them on the webmail site and delete the unwanted there - then you do NOT have a download at all
0
 

Author Comment

by:Mark88
ID: 40526419
That's not always true.  You can still get a driveby download
0
 
LVL 91

Expert Comment

by:nobus
ID: 40526423
>> That's not always true. << please explain - i'm unaware how that is possible
0
 

Author Comment

by:Mark88
ID: 40526429
Our Security team said it's possible just by opening the email. I'm not a security specialist though, so I can't explain it.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40526512
i just told you to look at the mail on the server - before opening any mail program
then there is NO download, and you can delete the ones you don't want
try it
0
 

Author Comment

by:Mark88
ID: 40527205
I don't have access to the server
0
 
LVL 91

Expert Comment

by:nobus
ID: 40527297
what mail program , and mail server do you have ?
0
 

Author Comment

by:Mark88
ID: 40528390
Outlook exchange server
0
 
LVL 91

Expert Comment

by:nobus
ID: 40528851
i'm not familiar with it, but look if this helps:
http://www.wikihow.com/Access-Exchange-Webmail
0
 
LVL 70

Assisted Solution

by:Merete
Merete earned 100 total points
ID: 40537831
Mark88, hi, since this is not on your system and you are asked how to get the headers without opening them, may I suggest you become familiar with them:
Anti-spam message headers Exchange

This explains "What Can You Find in an Email Header?" and "Why Bother Looking at an Email Header?"
As there are reports that "we get a lot of phishing emails during a week",
what I would suggest, and what I do, is to raise the junk filter level to Safe lists only for a little while.
When this option is selected, only emails from people that have been added to the Safe Senders and Safe Recipients lists will get into your Inbox.
All other emails go to the junk folder, and there you can safely delete them, sort them, and add to the safe list.
This is the simplest method and for me the most reliable.
How to configure Outlook Junk Mail Filter to stop spam email:
https://www.ablebits.com/office-addins-blog/2014/01/31/stop-junk-email-outlook/
0
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 100 total points
ID: 40544468
If you don't have access to the email server, I would assume that means there is someone who does? Really they are the ones who can answer these questions much more safely than you.

Having said that, unless all these emails are from the same IP (and in my experience, they aren't), you don't have the power to fix the problem. It will be either the person who runs your Exchange server, or the person who runs the firewall for your organization.

As for a better explanation of a drive-by: It means that as soon as your system reads the code in the email message, if it is in Outlook or on webmail, it will execute a virus or some sort of malicious code that will infect the computer.
0
 

Author Comment

by:Mark88
ID: 40549906
Ok thanks.  Gotta ask the mgr what's next then
0
 

Author Comment

by:Mark88
ID: 40584957
Still working on it.
0
 

Author Comment

by:Mark88
ID: 40629868
Waiting for the boss to tell me how to approach this. I don't feel comfortable opening these.
0
 

Author Comment

by:Mark88
ID: 40652176
Boss moved the ticket to someone else's queue
0
 
LVL 23

Expert Comment

by:Brian B
ID: 40653746
Mark88, if this means you won't be able to answer further or indicate back what the solution was, please be sure to close the question.
0
 

Author Closing Comment

by:Mark88
ID: 40655215
This ticket should've been with the server team/exchange team in the first place. Maybe they were just testing me, I don't know. All I know is that I didn't have to do this.
Mark88
0
 
LVL 23

Expert Comment

by:Brian B
ID: 40656646
It happens. That's how you learn. The more you can do the harder stuff, the better chance it will help you move ahead. We are here to back you up. :-)
0
