Phishing email
* It is multipart, what are the two parts?
* The HTML part, is it inviting the recipient to click somewhere?
* What is the email purporting to do when the link is clicked?
* Where will the browser actually go, when the link is clicked?
* From whom does the email purport to come, and in what (at least) two ways does it say this?
* According to the headers, where does the email actually come from?
Format of Email
Return-Path:
Received: from ironport.newpaltz.edu (ironport.newpaltz.edu [137.140.1.118])
by phantom.math.xxxx.edu (8.14.4/8.14.4) with ESMTP id r2KC7sZo057346;
Wed, 20 Mar 2013 08:07:54 -0400 (EDT)
(envelope-from [email protected])
X-Spam-Flag: YES
Received: from zmail.newpaltz.edu ([137.140.1.112])
by ironportout.newpaltz.edu with ESMTP; 20 Mar 2013 08:07:49 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by zmail.newpaltz.edu (Postfix) with ESMTP id DB03C10DC00B;
Wed, 20 Mar 2013 08:07:47 -0400 (EDT)
X-Virus-Scanned: amavisd-new at zmail.newpaltz.edu
Received: from zmail.newpaltz.edu ([127.0.0.1])
by localhost (zmail.newpaltz.edu [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id jcghw0+YylvM; Wed, 20 Mar 2013 08:07:47 -0400 (EDT)
Received: from Unknown (unknown [213.123.123.13])
by zmail.newpaltz.edu (Postfix) with ESMTPSA id 9D99D10D400B;
Wed, 20 Mar 2013 08:02:29 -0400 (EDT)
Message-ID:
From: "University of xxxx"
Subject: Notice From University of xxxx
Date: Wed, 20 Mar 2013 08:33:40 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_20130324204259_94270"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
To: undisclosed-recipients:;
X-Math-Scanned: Phantom Zone Evaluation
------=_20130324204259_94270
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
---------------------------- Original Message ----------------------------
Subject: Notice From University of xxxx
From: "University of xxxx"
Date: Wed, March 20, 2013 8:33 am
To: undisclosed-recipients:;
--------------------------------------------------------------------------
Dear User,
Your e-mail will expire soon.
For security reasons, please use our website below to update your personal
information.
https://www.xxxx.edu/
University of xxxx
------=_20130324204259_94270
Content-Type: text/html; name="untitled-[2].html"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="untitled-[2].html"
id=yiv1193796572yui_3_7_2_1_1362975386038_2723 size=2 face=Arial>
style="FONT-SIZE: 10pt" id=yiv1193796572yui_3_7_2_1_1362975386038_4829
color=#808080 face=Arial>Dear User,
Your e-mail will expire
soon.
face=Verdana>
face=Arial>
id=yiv1193796572yui_3_7_2_1_1362975386038_4823>
id=yiv1193796572yui_3_7_2_1_1362975386038_4822 color=#808080>
style="FONT-SIZE: 10pt" id=yiv1193796572yui_3_7_2_1_1362975386038_4821>For
security reasons, please use our website below to update your personal
information.
------=_20130324204259_94270--
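The questions about the message parts and about where the email actually comes from can also be checked programmatically. The following Python is an added example, not part of the original exercise: it runs the standard-library `email` parser over an abridged, re-indented copy of the headers above, and the function names (`hops`, `first_external_hop`, `part_types`) are this example's own.

```python
import email, ipaddress, re
# Constructed sample: headers abridged from the message on this page, with the
# folded continuation lines re-indented; part bodies are short placeholders.
RAW = """\
Received: from ironport.newpaltz.edu (ironport.newpaltz.edu [137.140.1.118])
\tby phantom.math.xxxx.edu (8.14.4/8.14.4) with ESMTP id r2KC7sZo057346;
\tWed, 20 Mar 2013 08:07:54 -0400 (EDT)
Received: from zmail.newpaltz.edu ([137.140.1.112])
\tby ironportout.newpaltz.edu with ESMTP; 20 Mar 2013 08:07:49 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby zmail.newpaltz.edu (Postfix) with ESMTP id DB03C10DC00B;
\tWed, 20 Mar 2013 08:07:47 -0400 (EDT)
Received: from Unknown (unknown [213.123.123.13])
\tby zmail.newpaltz.edu (Postfix) with ESMTPSA id 9D99D10D400B;
\tWed, 20 Mar 2013 08:02:29 -0400 (EDT)
From: "University of xxxx"
Content-Type: multipart/mixed;boundary="----=_20130324204259_94270"

------=_20130324204259_94270
Content-Type: text/plain; charset="iso-8859-1"

Dear User,
------=_20130324204259_94270
Content-Type: text/html; name="untitled-[2].html"
Content-Disposition: attachment; filename="untitled-[2].html"

<p>Dear User,</p>
------=_20130324204259_94270--
"""

# Each relay prepends its Received line, so the last one is the oldest. Lines
# added before the first server you trust are sender-controlled and may be forged.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Received hops, oldest first: (claimed name, peer IP, receiving host)."""
    found = [HOP.search(h) for h in msg.get_all("Received", [])]
    return [m.groups() for m in reversed(found) if m]

def first_external_hop(msg):
    for hop in hops(msg):
        addr = ipaddress.ip_address(hop[1])
        if not (addr.is_loopback or addr.is_private):
            return hop
    return None

def part_types(msg):
    return [(p.get_content_type(), p.get_filename()) for p in msg.walk() if not p.is_multipart()]
MSG = email.message_from_string(RAW)
```

Compare the hop returned by `first_external_hop(MSG)` with the `From:` display name, and note that the HTML part is delivered as an attachment rather than inline.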