|
|
E-mail Info add-in for Outlook |
Phishing attempts can be a serious problem for individuals and businesses.
E-mail has never been the most secure medium around and with the ability to send mass e-mails in a short time, it makes an ideal means of exploitation.
With companies nowadays requesting personal e-mails and creating mailing lists, security breaches make it very easy for these lists to be used for malicious reasons.
In addition to this, unscrupulous companies sell these mailing lists themselves, making it possible to receive unwanted and dangerous e-mails from almost anywhere.
Filters from large e-mail providers have become more and more sophisticated and manage to catch most of the spam, phishing and virus e-mails,
but new, more insidious, phishing attempts keep coming and filters can't always keep up.
Sometimes a suspicious e-mail still manages to slip through.
This add-in for Outlook provides an opportunity to learn a lot of information about an e-mail before opening it.
The add-in analyzes the location of the servers the e-mail passed through, the attachments that came with the e-mail
and also examines the links contained. A user, in case of a suspicious e-mail, can look at all this additional
information to decide to open or delete the e-mail, helping avoid a phishing scam or a virus infection.
| Analyze location details of servers the e-mail passed through before opening it | ||
| Select and warn if e-mail goes through servers in specific countries | ||
|
Allow for quickly reading the e-mail in text format, to avoid executing any scripting code
|
||
| Links | ||
| Analyze location details of the servers the embedded links in the e-mail point to | ||
| Inspect and expand tinyurls to display the original link | ||
| Determine redirects and display the final link | ||
| Select and warn if links point to servers in specific countries or to specific servers |
| Mapping | ||
| Place on the world map the approximate location of the server that sent the e-mail |
| IP address | ||
| See the IP address of the servers the e-mail passed through and identify the countries of those servers/IP addresses | ||
| Handle IPv4 and IPv6 addresses |
| Blocked attachments | ||
| Download attachments blocked by Outlook (* at your own risk *) |
| E-mail path | ||
| Place on the world map the approximate location of the servers this e-mail has passed through |
| Geo IP providers | ||
| Select from multiple providers for location validation, depending on provider features and limits |
| Link information | ||
| Follow the links in the e-mail and determine the type of the files that will be obtained if clicking them |
| Attachments | ||
| Validate the attachments are of the type the file extension implies | ||
| Inspect file contents of compressed data containers |
| Potential viruses | ||
| Inspect script attachments that could damage your system (for advanced users that can read source code) |
| E-mail header | ||
| Display the full message header |
|
Phishing
|
||
|---|---|---|
| The principle to having a successful phishing attack is to make the user believe the information comes from a trusted source when in fact it does not. | ||
| This e-mail is pretending to come from Bank of Montreal (a major Canadian bank). | ||
| Outlook doesn't display the actual e-mail address asheldrik1@optusnet.com.au by default, so it's easy to see how someone could assume the email does come from BMO Support, especially someone that has an account with the bank. | ||
| Looking at the e-mail address, the server, optusnet, doesn't seem to have any name relation to BMO, while the au portion points to Australia - not really a main location for a Canadian bank. | ||
| Examining the IP addresses this e-mail has originated from, both seem to be from Australia. Why would a major Canadian bank have the servers on the other side of the world? | ||
| The last clue is found in the link contained inside the e-mail. The server jsdfg.ise-geek.org seems to be inaccessible, and looks nowhere near bmo.com which is the actual server for Bank of Montreal. |
|
Different File Extension
|
||
|---|---|---|
| Sometimes files sent are not of the same type as the extension implies. | ||
| In this case, a file was sent as text, when in fact it is an executable. | ||
| This is not as egregious because while the file is an executable, the extension is telling Windows to treat it as a text file so even if double clicked on, it will be opened by default by Notepad, which will not run the file, but will probably show plenty of non-text characters. | ||
| For this attachment to be a real threat, it would have to be named SoundCodec.txt.exe. As Windows hides file extensions by default, downloading and showing this file in Windows explorer would look like SoundCodec.txt due to the hidden extension. Windows will still see the double extension of .exe, hence running the file if the user double clicks on it. | ||
| Some servers (like Google's gmail) will detect this and block the file, or the e-mail altogether. |
|
Virus
|
||
|---|---|---|
| A virus is a piece of executable code that will have a negative effect on the system that runs is. It needs to either run automatically when the e-mail is received or somehow trick the user to run it. | ||
| To prevent viruses from spreading through e-mails, most providers will block executable attachments, Outlook will also block them in case they come through. | ||
| Viruses can also come in the form of scripts and can be just as damaging. | ||
| In this case, a script is included in a compressed ZIP file. The script by itself can be blocked by Outlook but by having it sent in a ZIP container, it managed to squeak through. Even so, the script will not run by itself, it still needs the user to open the ZIP container and then double click on the script for it to affect the system. | ||
| For advanced users, detailed byte information of the ZIP container and the internal files is also available, including what application Windows will use if the user runs it. |
|
Full Version
|
|---|
| Unlimited |
| E-mail IP Location |
| Multiple Geo IP Providers |
| Analyze Attachments |
| Inspect Links |
| Price: $5.99 |
|
License key will be e-mailed |
|
| Outlook | 32 bit | 64 bit |
|---|---|---|
| 2007 | ||
| 2010 | ||
| 2013 | ||
| 2016 | ||
| 2019 | ||
| 365 |
| Outlook | 32 bit | 64 bit |
|---|---|---|
| 2007 | ||
| 2010 | ||
| 2013 | ||
| 2016 | ||
| 2019 | ||
| 365 |
© 2019-2020 Rare Phoenix Soft, All Rights Reserved.