Email Format: local@domain

Protocols

SMTP

  • Simple Mail Transfer Protocol
  • Port 25
  • The newer standard port is 587, used with TLS encryption

POP3

  • Post Office Protocol 3
  • Application layer
  • Retrieves email from the email server
  • Emails are deleted from the server after they are downloaded

IMAP

  • Internet Mail Access Protocol
  • Can read emails from any device
  • Email is stored on the server
  • There is an option to download manually

Anatomy

  • The email header contains information about the email's transportation
  • Updated as the email passes through each server
  • Can be used to view the email's exact path
  • Must include who the email is from, who is receiving the email and the date it was sent
  • It can include, but might not, the date the message was processed, a reply address, the subject, the message ID and the message body
  • Header information can easily be changed, so it is not very reliable
  • Custom headers must start with X-

Email Body

  • Where information is written by sender
  • Can include text, hyperlinks, images or HTML styling
  • Commonly encoded to reduce file size; a common encoding is Base64
  • Use CyberChef to decode
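
The header and body points above can be checked on a raw message with Python's standard email module. This is an added example, not part of the original notes; the message, host names and the summarize function are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not a real email); all hosts are reserved example names.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by inbox.example.org with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from mail.example.com (mail.example.com [198.51.100.4])
    by mx.example.net with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
From: Alice <alice@example.com>
To: bob@example.org
Date: Tue, 02 Jan 2024 10:00:00 +0000
Subject: Invoice
Message-ID: <1234@example.com>
Reply-To: billing@example.net
X-Mailer: SampleMailer 1.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

UGxlYXNlIHJldmlldyB0aGUgYXR0YWNoZWQgaW52b2ljZS4=
"""

def _domain(header):
    # Domain of the first address in an address header, or None if absent.
    return header.addresses[0].domain if header and header.addresses else None

def summarize(raw):
    """Return the header facts an analyst checks first, plus the decoded body."""
    msg = message_from_string(raw, policy=policy.default)
    # Every server prepends its own Received header, so they appear newest-first;
    # reverse them to read the path from the sending side to the final mailbox.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", str(value), re.S)
        if m:
            hops.append(m.groups())
    sender, reply = _domain(msg["From"]), _domain(msg["Reply-To"])
    return {
        "missing": [h for h in ("From", "To", "Date") if msg[h] is None],
        "hops": hops,
        "custom": {k: str(v) for k, v in msg.items() if k.lower().startswith("x-")},
        # Headers are sender-controlled, so a mismatch is only a hint to look closer.
        "reply_to_differs": reply is not None and reply != sender,
        "body": msg.get_content().strip(),  # the Base64 transfer encoding is undone here
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```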

What is Phishing

Phishing is the act of sending an email with malicious intent, to coerce recipients into disclosing information, downloading malicious files, or otherwise completing an action that they would not normally do, by exploiting a human using one or more social-engineering techniques.

Consequences of phishing

  • 90% of all data breaches in 2019 were because of phishing
  • Average data breach cost is $3.86 million
  • 1.5 million new phishing sites created each month