Report spoof E-mail and send E-mail for Inspection In Office 365|Part 12#12 5/5 (1)

4 min read

In the current article, we will review two subjects that relate to a scenario in which organization experiences a Spoof E-mail attack:

  1. Report the Spoof E-mail as “Phishing mail”.
  2. Sent the Spoof E-mail for further analysis.

Report Spoof E-mail as “Phishing mail”

I try to get additional information regarding the subject of “what happens behind the scenes” when using the option of – reporting E-mail message as phishing in Office 365 environment but, I could not find information about the exact process that implemented.

Despite this lack of information, in a scenario of phishing E-mail message, the best practice is to use the option of “reporting”.

Send the Spoof E-mail for further analysis

In a scenario in which we want to forward the “Spoof E-mail message” to a technical person or team, that will be able to analyze the E-mail message, the most common mistake is to copy and paste the content of the “Spoof E-mail message” or send a screenshot to the technical person that will need to analyze the information.

In such a scenario, there are two important issues that we need to know about:

  1. Send the “Spoof E-mail message” as a mail item – the meaning is that we need to have all the data that include in the “Spoof E-mail message”, the content, the email headers and so on.
  2. When sending an E-mail as an attachment, there is a reasonable chance that the destination mail servers which “accept” the E-mail will change \update some fields in the E-mail header.

For this reason, when we sent an email message for further analysis, it’s important to “zip” the E-mail message.

Report a Spoof E-mail as “Phishing mail” in Office 365

At the current time, to the option of reporting about a Spoof E-mail or a “Phishing mail” is available for Office 365 customers and only one using the OWA mail client.

Technically speaking, the Spoof E-mail” is different from the formal definition of Phishing mail, but for our purpose, we will not go into a detailed description and relate to Spoof E-mail as a Phishing mail.

The process of reporting a particular E-mail as a “Spoof E-mail” is very simple.

All you need to do is to select the appropriate E-mail message, click on the small black arrow
on the not junk menu

Report E-mail as Spoof E-mail – Office 365 -01

And choose the menu Phishing

Report E-mail as Spoof E-mail – Office 365 -02

Send a spoofed E-mail for further analysis

In the following section, we will review the steps that need to be implemented in a scenario in which we want to forward a particular E-mail message to further analysis.

  • Choose the specific E-mail message that you want to send for further analysis.

Sent Spoof E-mail message for further process of analysis -01

  • Open the E-mail message and choose the File menu

Sent Spoof E-mail message for further process of analysis -02

  • Select the Save As menu

Sent Spoof E-mail message for further process of analysis -03

  • Save the E-mail message in a particular path that you choose.

Sent Spoof E-mail message for further process of analysis -04

The E-mail message will be saved by using the MSG file format.

Use your preferred file compression software that you like.
In our particular scenario, we use the built-in zip option for zipping the E-mail message.

Right click on the E-mail message and choose the menu – Send to and on the submenu Compressed (zipped) folder.

Sent Spoof E-mail message for further process of analysis -05

Create a new E-mail message and the ZIP file (the compressed E-mail message) as an attachment.

Sent Spoof E-mail message for further process of analysis -06

In the following screenshot, we can see the E-mail message with the zip attachment.

Sent Spoof E-mail message for further process of analysis -07

Dealing with spoof E-mail – Office 365 | Article series index

Now it’s Your Turn!
It is important for us to know your opinion on this article

Summary
Report spoof E-mail and send E-mail for Inspection In Office 365|Part 12#12
Article Name
Report spoof E-mail and send E-mail for Inspection In Office 365|Part 12#12
Description
In the current article, we will review two subjects that relate to a scenario in which organization experiences a Spoof E-mail attack:Report the Spoof E-mail as “Phishing mail”. Sent the Spoof E-mail for further analysis.
Author
Publisher Name
o365info.com
Publisher Logo
Print Friendly

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron
Share your knowledge.
It’s a way to achieve immortality.
Dalai Lama

Leave a Reply

Your email address will not be published. Required fields are marked *