In the current article, we will review two subjects that relate to a scenario in which organization experiences a Spoof E-mail attack:
- Report the Spoof E-mail as “Phishing mail”.
- Sent the Spoof E-mail for further analysis.
Table of content | Click to expand
Dealing with spoofed E-mail office 365 | Article Series
- Dealing with an E-mail spoof attack | general introduction | Office 365 based environment | Part 1#12
- Detect Spoof E-mail And Send An Incident Report Using Exchange Online Rule |Part 2#12
- Configuring exceptions for the Exchange Online Spoof E-mail rule |Part 3#12
- Detect Spoof E-mail And Mark The E-mail as spam Using Exchange Online Rule |Part 4#12
- Detect Spoof E-mail And Delete The Spoof E-mail Using Exchange Online Rule |Part 5#12
- Detect Spoof E-mail – Prepend The Subject Of The Spoof E-mail + Add Disclaimer Using Exchange Online Rule |Part 6#12
- Detect Spoof E-mail And Send The Spoof E-mail To Administrative Quarantine Using Exchange Online Rule |Part 7#12
- Detect Spoof E-mail And Raise the SCL value to “9” – Send E-mail To Quarantine Using Exchange Online Rule |Part 8#12
- Analyzing The Results Of The Exchange Spoof E-mail rule |Part 9#12
- How to Simulate E-mail Spoof Attack |Part 10#12
- How to Simulate E-mail Spoof Attack |Part 11#12
- Report Spoof E-mail And Send E-mail For Inspection In Office 365|Part 12#12
Report Spoof E-mail as “Phishing mail”
I try to get additional information regarding the subject of “what happens behind the scenes” when using the option of – reporting E-mail message as phishing in Office 365 environment but, I could not find information about the exact process that implemented.
Despite this lack of information, in a scenario of phishing E-mail message, the best practice is to use the option of “reporting”.
Send the Spoof E-mail for further analysis
In a scenario in which we want to forward the “Spoof E-mail message” to a technical person or team, that will be able to analyze the E-mail message, the most common mistake is to copy and paste the content of the “Spoof E-mail message” or send a screenshot to the technical person that will need to analyze the information.
In such a scenario, there are two important issues that we need to know about:
- Send the “Spoof E-mail message” as a mail item – the meaning is that we need to have all the data that include in the “Spoof E-mail message”, the content, the email headers and so on.
- When sending an E-mail as an attachment, there is a reasonable chance that the destination mail servers which “accept” the E-mail will change \update some fields in the E-mail header.
For this reason, when we sent an email message for further analysis, it’s important to “zip” the E-mail message.
Report a Spoof E-mail as “Phishing mail” in Office 365
At the current time, to the option of reporting about a Spoof E-mail or a “Phishing mail” is available for Office 365 customers and only one using the OWA mail client.
Technically speaking, the Spoof E-mail” is different from the formal definition of Phishing mail, but for our purpose, we will not go into a detailed description and relate to Spoof E-mail as a Phishing mail.
The process of reporting a particular E-mail as a “Spoof E-mail” is very simple.
All you need to do is to select the appropriate E-mail message, click on the small black arrow
on the not junk menu
And choose the menu Phishing
Send a spoofed E-mail for further analysis
In the following section, we will review the steps that need to be implemented in a scenario in which we want to forward a particular E-mail message to further analysis.
- Choose the specific E-mail message that you want to send for further analysis.
- Open the E-mail message and choose the File menu
- Select the Save As menu
- Save the E-mail message in a particular path that you choose.
The E-mail message will be saved by using the MSG file format.
Use your preferred file compression software that you like.
In our particular scenario, we use the built-in zip option for zipping the E-mail message.
Right click on the E-mail message and choose the menu – Send to and on the submenu Compressed (zipped) folder.
Create a new E-mail message and the ZIP file (the compressed E-mail message) as an attachment.
In the following screenshot, we can see the E-mail message with the zip attachment.