
Report spoof E-mail and send E-mail for inspection in Office 365 | Part 12#12

In the current article, we will review two subjects that relate to a scenario in which an organization experiences a Spoof E-mail attack:

  1. Report the Spoof E-mail as “Phishing mail”.
  2. Send the Spoof E-mail for further analysis.

Report Spoof E-mail as “Phishing mail”

I tried to get additional information regarding the subject of “what happens behind the scenes” when using the option of reporting an E-mail message as phishing in an Office 365 environment, but I could not find information about the exact process that is implemented.

Despite this lack of information, in a scenario of a phishing E-mail message, the best practice is to use the “reporting” option.

Send the Spoof E-mail for further analysis

When we want to forward the “Spoof E-mail message” to a technical person or team who will be able to analyze it, the most common mistake is to copy and paste the content of the “Spoof E-mail message”, or to send a screenshot, to the technical person who needs to analyze the information.

In such a scenario, there are two important issues that we need to know about:

  1. Send the “Spoof E-mail message” as a mail item – meaning that we need to keep all the data that is included in the “Spoof E-mail message”: the content, the email headers, and so on.
  2. When sending an E-mail as an attachment, there is a reasonable chance that the destination mail servers which “accept” the E-mail will change or update some fields in the E-mail header.

For this reason, when we send an email message for further analysis, it’s important to “zip” the E-mail message.

Report a Spoof E-mail as “Phishing mail” in Office 365

At the current time, the option of reporting a Spoof E-mail or a “Phishing mail” is available to Office 365 customers, and only when using the OWA mail client.

Technically speaking, a “Spoof E-mail” is different from the formal definition of a Phishing mail, but for our purpose, we will not go into a detailed description and will relate to a Spoof E-mail as a Phishing mail.

The process of reporting a particular E-mail as a “Spoof E-mail” is very simple.

All you need to do is select the appropriate E-mail message and click on the small black arrow on the Not junk menu.

Report E-mail as Spoof E-mail – Office 365 -01

Then choose the Phishing menu option.

Report E-mail as Spoof E-mail – Office 365 -02

Send a spoofed E-mail for further analysis

In the following section, we will review the steps that need to be implemented in a scenario in which we want to forward a particular E-mail message for further analysis.

  • Choose the specific E-mail message that you want to send for further analysis.
Sent Spoof E-mail message for further process of analysis -01
  • Open the E-mail message and choose the File menu
Sent Spoof E-mail message for further process of analysis -02
  • Select the Save As menu
Sent Spoof E-mail message for further process of analysis -03
  • Save the E-mail message in a particular path that you choose.
Sent Spoof E-mail message for further process of analysis -04

The E-mail message will be saved by using the MSG file format.

Use your preferred file compression software.
In our particular scenario, we use the built-in zip option for zipping the E-mail message.

Right-click on the saved E-mail message, choose the Send to menu, and in the submenu choose Compressed (zipped) folder.

Sent Spoof E-mail message for further process of analysis -05

Create a new E-mail message and add the ZIP file (the compressed E-mail message) as an attachment.

Sent Spoof E-mail message for further process of analysis -06

In the following screenshot, we can see the E-mail message with the zip attachment.

Sent Spoof E-mail message for further process of analysis -07
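
The zip step above can also be scripted. The following PowerShell is an added example, not part of the original article: it zips the saved MSG file and records a SHA-256 hash, so the analyst who receives the ZIP can confirm that the extracted file is byte-identical to the one saved from the mailbox. The function names and the sample file are assumptions made for illustration.

```powershell
# Added example; function names and paths are hypothetical.
function New-SpoofMailEvidence {
    param([Parameter(Mandatory)] [string] $MsgPath)
    $msg = Get-Item -LiteralPath $MsgPath -ErrorAction Stop
    $zipPath = Join-Path $msg.DirectoryName ($msg.BaseName + '.zip')
    # Hash the saved message before it leaves the workstation.
    $hash = (Get-FileHash -LiteralPath $msg.FullName -Algorithm SHA256).Hash
    # Scripted counterpart of Send to > Compressed (zipped) folder.
    Compress-Archive -LiteralPath $msg.FullName -DestinationPath $zipPath -Force
    [pscustomobject]@{ MsgFile = $msg.Name; ZipPath = $zipPath; Sha256 = $hash }
}

# Analyst side: extract to a scratch folder and compare hashes without opening the message.
function Test-SpoofMailEvidence {
    param(
        [Parameter(Mandatory)] [string] $ZipPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    $work = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
    try {
        Expand-Archive -LiteralPath $ZipPath -DestinationPath $work
        $file = Get-ChildItem -LiteralPath $work -File -Recurse | Select-Object -First 1
        $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # -eq on strings is case-insensitive, so hex case does not matter.
        $actual -eq $ExpectedSha256
    } finally {
        Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Constructed sample so the script runs offline; a real run points at the
# MSG file saved from Outlook with File > Save As.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'spoof-sample.msg'
Set-Content -LiteralPath $sample -Value 'constructed placeholder, not a real MSG file'

$evidence = New-SpoofMailEvidence -MsgPath $sample
$evidence | Format-List
Test-SpoofMailEvidence -ZipPath $evidence.ZipPath -ExpectedSha256 $evidence.Sha256
```

Include the reported hash in the body of the E-mail that carries the ZIP attachment so the recipient has a value to compare against.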
o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.
