You have been assigned 7 emails to investigate. Some of these emails may contain content which can be classed as malicious, due to a number of reasons. They may contain malicious attachments, suspicious links, or Phishing attempts to gather private account information from the user.

You are expected to report your findings on each email, so that we can either block or release these emails to the users.

Problem Statement

Analysis

Email 1

• The email does not request the recepient to open any links and no threats are being exchanged.

• The response of the recepient suggests that the sender is a known person or a friend.

• Hence we can conclude that this email correspondence is safe.

Verdict : SAFE

Analysis

Email 2

• The email claims to be from Microsoft’s software called One Drive, however, the sender’s username indicates that it is from Venture in Russia(.ru).

• The grammer of the email is unprofessional with words like ‘SECURITY’ capitalized when there is no need for capatilizing the word.

• ‘Customers support’ has typo in it.

• There are 2 clickable links which need to be avoided as per the above observations which verifies that the email is malicious.

Verdict : MALICIOUS

Analysis

Email 3

• The hyperlink contained in the email has a typo where the ‘b’ in facebook is changed to a special character. This indicates that the link is not an authentic Facebook domain.

• The sender ‘Vinny’ does not seem to be a known associate of the receipient and if they were, it would be advisable to validate their email address.

Verdict : MALICIOUS

Analysis

Email 4

• The info@i.massdrop.com deems to be a safe email address with little ambiguity.

• The contents of the email seem professional with no hyper links but a clickable link to ‘SEE MORE’ whichmay raise some alarms.

• To confirm the authenticity of the brand, it is always advisable to search the name of the business on Google to confirm its existence and reputation.

Verdict : SAFE

Analysis

Email 5

• The email asks the receipient to reply with the credentials of their email account. This is the first red flag as another no circumstance should you credentials be exchanged on a public email server.

• The sender claims that they work for the FBI and even though they say that their account was compromised, it does not come from an offiial FBI email address so it should be disregarded.

• The sender conducts a bit of blackmail by claiming that they have to pass on critical informtion to HQ. Blackmail is on of the key identifiers of malicious emails.

• Knowing how powerful and well funded the FBI is, they must have better measures to protect their personnel than having them reach out to civilians for help. This would be common sense for most people who are aware of the organisation.

Verdict : MALICIOUS

Analysis

Email 6

• The email correspondence has the official ANZ logo in it as well as the email addresses are ‘@anz.com’ which indicates that this is the official ANZ email server.

• Both parties seem to know eachother frankly by indicating that they want to catch up for coffee. Additionally, the zip file is not being demanded, it is being offered and keeping in mind the above analysis, the zip file should be safe to open.

Verdict : SAFE

Analysis

Email 7

• The username Val.kill.ma indicates that this person is hiding their real identity and hence can not be trusted.

• The email lacks detail and does not seem proffessional.

• The link in the email has hxxp as oppossed to the widely recognized http protocol, hence it is ambigious and should be disregarded.

• The URL of the link also seems unreadable with a bunch of gibberish. Official URLs have more readable text.

Verdict : MALICIOUS